Participant
February 7, 2012
Question

Get remote servers SSL expiration date


We have many clients that all have multiple web sites.  The majority of the web sites, we do not host.  If I wanted to look up when their SSL certificate was going to expire and proactively notify them, does anyone know any way to do this through CF9?

I've done the following, but I don't get the information from the header that I'm looking for:

<cfhttp url="https://www.amazon.com" result="out"></cfhttp>

<cfdump var="#out#" />

However, in PHP, I simply set the following options before calling curl:

curl_setopt($ch[$i], CURLOPT_VERBOSE, true);

curl_setopt($ch[$i], CURLOPT_CERTINFO, true);

VERBOSE enables more info

CERTINFO enables the certificate information to pass in the header

then curl_getinfo() on my curl handler and it's in an array.

I ended up using PHP for this task, but it seems there ought to be a way to do it in CF.

Thanks for any thoughts anyone might have!


1 reply

Participant
February 27, 2012

Any Adobe folks out there know if there is a way to do this, or if perhaps, this may be slated for a future enhancement?

Thanks!

pete_freitag
Participating Frequently
February 28, 2012

Sure you can do this in CF using Java:

<cfset factory = CreateObject("java", "javax.net.ssl.HttpsURLConnection").getDefaultSSLSocketFactory()>
<cfset socket = factory.createSocket("foundeo.com", JavaCast("int",443))>
<!--- The handshake validates the chain against the JVM's default trust store --->
<cfset socket.startHandshake()>
<cfset certs = socket.getSession().getPeerCertificates()>
<cfif IsArray(certs)>
  <cfloop from="1" to="#ArrayLen(certs)#" index="i">
    <!--- certs[1] is the server's own certificate; the rest are the chain it sent --->
    <cfset cert = certs[i]>
    <cfoutput>#cert.getSubjectDN().getName()# - Valid Until #DateFormat(cert.getNotAfter())#</cfoutput><br />
  </cfloop>
</cfif>
<cfset socket.close()>

James Moberg
Inspiring
December 15, 2016

This works on some SSL certificates, but not on everything.  I get a "sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path." error when trying to test any certificates from LetsEncrypt.org (using CF10).  I've hit other strange java limitations before and am going to research some non-Java (.Net/Commandline/API) methods.

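An added example, not code from any poster in this thread: the PKIX error above is raised because the default socket factory validates the server's chain against the JVM trust store during startHandshake(). The Java below reads the expiry dates anyway by recording the presented chain in a trust manager that makes no trust decision; the class and method names, the 30-day threshold and the example.com host are assumptions.

```java
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class CertExpiry { // hypothetical class name
    static final long WARN_DAYS = 30; // assumed notification threshold

    // Records the chain the server presents and performs NO validation.
    // Use a context built on this only to inspect certificates, never to
    // exchange application data: the peer is unauthenticated.
    static final class CapturingTrustManager implements X509TrustManager {
        X509Certificate[] chain = new X509Certificate[0];
        @Override public void checkClientTrusted(X509Certificate[] c, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] c, String authType) { chain = c; }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    static X509Certificate[] fetchChain(String host, int port) throws Exception {
        CapturingTrustManager tm = new CapturingTrustManager();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.setSoTimeout(10_000);  // do not hang on unresponsive hosts
            s.startHandshake();      // handshake only; nothing is sent afterwards
        }
        return tm.chain;             // leaf certificate first, then intermediates
    }

    // Negative result means the certificate has already expired.
    static long daysLeft(X509Certificate cert, Instant now) {
        return Duration.between(now, cert.getNotAfter().toInstant()).toDays();
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "example.com"; // placeholder host
        Instant now = Instant.now();
        for (X509Certificate cert : fetchChain(host, 443)) {
            long days = daysLeft(cert, now);
            String flag = days < 0 ? "EXPIRED" : days < WARN_DAYS ? "RENEW SOON" : "ok";
            System.out.printf("%s | notAfter=%s | %d days | %s%n",
                    cert.getSubjectX500Principal().getName(), cert.getNotAfter(), days, flag);
        }
    }
}
```

Because the chain is not validated here, a report built this way says when a certificate expires but not whether clients will trust it; an expiring intermediate in the output is as much a renewal trigger as an expiring leaf.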