Get remote servers SSL expiration date

New Here, Feb 07, 2012

We have many clients that all have multiple web sites.  The majority of the web sites, we do not host.  If I wanted to look up when their SSL certificate was going to expire and proactively notify them, does anyone know any way to do this through CF9?

I've done the following, but I don't get the information from the header that I'm looking for:

<cfhttp url="https://www.amazon.com" result="out"></cfhttp>

<cfdump var="#out#" />

However, in PHP, I simply set the following options before calling curl:

curl_setopt($ch[$i], CURLOPT_VERBOSE, true);

curl_setopt($ch[$i], CURLOPT_CERTINFO, true);

VERBOSE enables more info

CERTINFO enables the certificate information to pass in the header

then curl_getinfo() on my curl handler and it's in an array.

I ended up using PHP for this task, but it seems there ought to be a way to do it in CF.

Thanks for any thoughts anyone might have!

New Here, Feb 27, 2012

Any Adobe folks out there know if there is a way to do this, or if perhaps, this may be slated for a future enhancement?

Thanks!

Enthusiast, Feb 28, 2012

Sure you can do this in CF using Java:

<!--- Open a TLS connection using the JVM's default SSL socket factory --->
<cfset factory = CreateObject("java", "javax.net.ssl.HttpsURLConnection").getDefaultSSLSocketFactory()>
<cfset socket = factory.createSocket("foundeo.com", JavaCast("int",443))>
<cfset socket.startHandshake()>
<!--- Certificate chain presented by the server, leaf certificate first --->
<cfset certs = socket.getSession().getPeerCertificates()>
<cfif IsArray(certs)>
  <cfloop from="1" to="#ArrayLen(certs)#" index="i">
    <!--- Pick the i-th certificate of the chain --->
    <cfset cert = certs[i]>
    <cfoutput>#cert.getSubjectDN().getName()# - Valid Until #DateFormat(cert.getNotAfter())#</cfoutput><br />
  </cfloop>
</cfif>
<cfset socket.close()>

Enthusiast, Dec 15, 2016

This works on some SSL certificates, but not on everything.  I get a "sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path." error when trying to test any certificates from LetsEncrypt.org (using CF10).  I've hit other strange java limitations before and am going to research some non-Java (.Net/Commandline/API) methods.

sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.

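An added example, not code from any poster in this thread: with the default socket factory, startHandshake() validates the chain against the JVM trust store and throws the PKIX error before getPeerCertificates() can be reached, so the expiry date of an untrusted chain is never read. The sketch below completes the handshake with an inspection-only trust manager and reports days remaining against warning and error limits. It assumes Java 8 or later; the class name CertExpiryCheck, the placeholder host example.com and the 30/7-day limits are illustrative.

```java
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class CertExpiryCheck {
    // Inspection-only trust manager: accepts any chain so the handshake completes
    // and the certificate can be read. Never reuse this context to send data.
    private static final TrustManager[] INSPECT_ONLY = { new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) {}
        public void checkServerTrusted(X509Certificate[] chain, String authType) {}
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }};

    // Whole days between 'now' and the certificate's notAfter (negative once expired).
    static long daysLeft(X509Certificate cert, Instant now) {
        return Duration.between(now, cert.getNotAfter().toInstant()).toDays();
    }

    // Map days remaining onto monitoring states using lower warning/error limits.
    static String status(long days, int warnDays, int errorDays) {
        if (days < 0) return "EXPIRED";
        if (days <= errorDays) return "ERROR";
        if (days <= warnDays) return "WARN";
        return "OK";
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "example.com"; // placeholder host
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, INSPECT_ONLY, null);
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, 443)) {
            socket.setSoTimeout(10_000); // do not hang on an unresponsive server
            socket.startHandshake();
            // Element 0 is the server's own (leaf) certificate; the rest are intermediates.
            X509Certificate leaf = (X509Certificate) socket.getSession().getPeerCertificates()[0];
            long days = daysLeft(leaf, Instant.now());
            System.out.printf("%s | %s | notAfter=%s | %d days | %s%n", host,
                leaf.getSubjectX500Principal().getName(), leaf.getNotAfter(), days,
                status(days, 30, 7)); // 30/7-day limits are assumed values
        }
    }
}
```

Because validation is switched off here, the output says nothing about whether the chain is trusted; a monitoring job should record a failed default-factory handshake as a separate finding.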
Enthusiast, Dec 15, 2016

We already use "PRTG Network Monitor" to monitor all our services internally & externally. I discovered that they have a "SSL Certificate Sensor" that can show "Days to expiration (with predefined lower warning and error limits)" in addition to seven (7) other metrics.

https://www.paessler.com/manuals/prtg/ssl_certificate_sensor

NOTE:  Their free version of PRTG allows 100 sensors "free forever".
