If you were using OpenSSL, you can print out the entire contents of a certificate. If you load an X.509 (SSL/TLS) certificate in Scala or Java, you can get specific fields out of the JVM provided libraries, but I find it’s a little confusing to figure out which fields you’re looking for sometimes. Conveniently you can toString the certificate and get the certificate information.
Here’s an example (this shows the root, intermediate, and final certificates):
val newConn =
new URL ("https://www.garysieling.com")
.openConnection
val conn: HttpsURLConnectionImpl = newConn match {
case httpsConn: HttpsURLConnectionImpl => httpsConn
case conn => ???
}
conn.connect
conn.getContent
println (
conn.getServerCertificateChain
.map(_.toString)
.mkString ("\n\n")
)
Here’s an example of the sort of thing you get:
[ Version: V3 Subject: CN=GeoTrust DV SSL CA - G4, OU=Domain Validated SSL, O=GeoTrust Inc., C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 281834807105255361629368755650440674348550860753438508599739085968134 75231546344880350045894173437055655555886160439888904648822836367923132270904881 29241681462840440982359463411349300256327264194010087250288174239025357278442711 16311269910687693830650651489860305350318443355101699105221265124922233818987898 80979250769496606792378963399784109250777930537641284383655829327884051499729615 68185871033248508910320756151532623737325374487508122767893046575528448678898649 63230065100582757061919277210623434099944532760019026682195684214096263544309007 02769582900713409379681959368449710206322670067079355982945992205091 public exponent: 65537 Validity: [From: Fri Aug 29 22:24:58 GMT 2014, To: Fri May 20 22:24:58 GMT 2022] Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US SerialNumber: [ 023a78] Certificate Extensions: 7 [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://g.symcd.com ] ] [2]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e 0010: B8 CA CC 4E ...N ] ] [3]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:0 ] [4]: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://g.symcb.com/crls/gtglobal.crl] ]] [5]: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [2.16.840.1.113733.1.7.54] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 25 68 74 74 70 3A 2F 2F 77 77 77 2E 67 65 6F .%http://w ww.geo 0010: 74 72 75 73 74 2E 63 6F 6D 2F 72 65 73 6F 75 72 trust.com/resour 0020: 63 65 73 2F 63 70 73 ces/cps ]] ] ] [6]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ Key_CertSign Crl_Sign ] [7]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 0B 50 EC 77 EF 2A 9B FF EC 03 A1 0A FF AD C6 E4 .P.w.*.......... 0010: 2A 18 C7 3E *..> ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 33 24 D5 90 AA 29 0C 35 B9 2F C3 C7 42 93 C0 C6 3$...).5./..B... 0010: 10 4B 03 08 76 84 10 A2 E0 E7 53 12 27 F2 0A DA .K..v.....S.'... 0020: 7F 3A DC FD 5C 79 5A 8F 17 74 43 53 B1 D5 D1 5D .:..\yZ..tCS...] 0030: 59 B9 A6 84 64 CA F1 3A 0A 59 96 10 BF A9 81 57 Y...d..:.Y.....W 0040: 8B 5C 87 DC 7F E3 E4 BB 05 7A A0 32 09 13 4E 10 .\.......z.2..N. 0050: 81 28 1F 9C 03 62 BC F4 01 B5 29 83 46 07 B9 E7 .(...b....).F... 0060: B8 5D C8 E9 D1 DD AD 3B F8 34 DB C1 D1 95 A9 91 .].....;.4...... 0070: 18 ED 3C 2C 37 11 4D CC FE 53 3E 50 43 F9 C3 56 ..PC..V 0080: 41 AC 53 9B 6C 05 B2 9A E2 E0 59 57 30 32 B6 26 A.S.l.....YW02.& 0090: 4E 13 25 CD FA 48 70 0F 75 55 60 11 F5 3B D5 5E N.%..Hp.uU`..;.^ 00A0: 5A 3C 8B 5B 0F 0F 62 42 48 61 85 8B 10 F4 C1 88 Z..R0.g....-L0.. 00E0: 8C A5 04 91 BB A4 AB 7F 0F D8 6F F0 66 00 C9 A3 ..........o.f... 00F0: 5C F5 B0 8F 83 E6 9C 5A E6 B6 B9 C5 BC BE E4 02 \......Z........ ]