Gary Sieling

Scala/Java: print out entire SSL certificate without OpenSSL

With OpenSSL, you can print out the entire contents of a certificate. If you load an X.509 (SSL/TLS) certificate in Scala or Java, you can get specific fields out of the JVM-provided libraries, but I find it's a little confusing to figure out which fields you're looking for sometimes. Conveniently, you can call toString on the certificate and get the certificate information.

Here’s an example (this shows the root, intermediate, and final certificates):

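import java.net.URL
// JDK-internal implementation class, not part of the public API
import sun.net.www.protocol.https.HttpsURLConnectionImpl

val newConn =
  new URL("https://www.garysieling.com")
    .openConnection

// Narrow the generic URLConnection to the HTTPS implementation
val conn: HttpsURLConnectionImpl = newConn match {
  case httpsConn: HttpsURLConnectionImpl => httpsConn
  case other => throw new IllegalStateException(s"Not an HTTPS connection: $other")
}

// Connecting performs the TLS handshake, after which the chain is available
conn.connect
conn.getContent

// toString on each certificate produces the full dump
println(
  conn.getServerCertificateChain
      .map(_.toString)
      .mkString("\n\n")
)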

Here’s an example of the sort of thing you get:

[
  Version: V3
  Subject: CN=GeoTrust DV SSL CA - G4, OU=Domain Validated SSL, O=GeoTrust Inc., C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 281834807105255361629368755650440674348550860753438508599739085968134
75231546344880350045894173437055655555886160439888904648822836367923132270904881
29241681462840440982359463411349300256327264194010087250288174239025357278442711
16311269910687693830650651489860305350318443355101699105221265124922233818987898
80979250769496606792378963399784109250777930537641284383655829327884051499729615
68185871033248508910320756151532623737325374487508122767893046575528448678898649
63230065100582757061919277210623434099944532760019026682195684214096263544309007
02769582900713409379681959368449710206322670067079355982945992205091
  public exponent: 65537
  Validity: [From: Fri Aug 29 22:24:58 GMT 2014,
               To: Fri May 20 22:24:58 GMT 2022]
  Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  SerialNumber: [    023a78]

Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://g.symcd.com
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB   05 64 0C 11 7D AA 7D 65  .z.h.....d.....e
0010: B8 CA CC 4E                                        ...N
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://g.symcb.com/crls/gtglobal.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 25 68 74 74 70 3A 2F   2F 77 77 77 2E 67 65 6F  .%http://www.geo
0010: 74 72 75 73 74 2E 63 6F   6D 2F 72 65 73 6F 75 72  trust.com/resour
0020: 63 65 73 2F 63 70 73                               ces/cps

]]  ]
]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0B 50 EC 77 EF 2A 9B FF   EC 03 A1 0A FF AD C6 E4  .P.w.*..........
0010: 2A 18 C7 3E                                        *..>
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 33 24 D5 90 AA 29 0C 35   B9 2F C3 C7 42 93 C0 C6  3$...).5./..B...
0010: 10 4B 03 08 76 84 10 A2   E0 E7 53 12 27 F2 0A DA  .K..v.....S.'...
0020: 7F 3A DC FD 5C 79 5A 8F   17 74 43 53 B1 D5 D1 5D  .:..\yZ..tCS...]
0030: 59 B9 A6 84 64 CA F1 3A   0A 59 96 10 BF A9 81 57  Y...d..:.Y.....W
0040: 8B 5C 87 DC 7F E3 E4 BB   05 7A A0 32 09 13 4E 10  .\.......z.2..N.
0050: 81 28 1F 9C 03 62 BC F4   01 B5 29 83 46 07 B9 E7  .(...b....).F...
0060: B8 5D C8 E9 D1 DD AD 3B   F8 34 DB C1 D1 95 A9 91  .].....;.4......
0070: 18 ED 3C 2C 37 11 4D CC   FE 53 3E 50 43 F9 C3 56  ..<,7.M..S>PC..V
0080: 41 AC 53 9B 6C 05 B2 9A   E2 E0 59 57 30 32 B6 26  A.S.l.....YW02.&
0090: 4E 13 25 CD FA 48 70 0F   75 55 60 11 F5 3B D5 5E  N.%..Hp.uU`..;.^
00A0: 5A 3C 8B 5B 0F 0F 62 42   48 61 85 8B 10 F4 C1 88  Z..R0.g....-L0..
00E0: 8C A5 04 91 BB A4 AB 7F   0F D8 6F F0 66 00 C9 A3  ..........o.f...
00F0: 5C F5 B0 8F 83 E6 9C 5A   E6 B6 B9 C5 BC BE E4 02  \......Z........

]
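
The fields in the dump above can also be read one at a time through the public API. The following is an added example, not code from the original post: it uses javax.net.ssl.HttpsURLConnection and java.security.cert.X509Certificate instead of the JDK-internal class, and the names CertSummary, fetchChain, sha256Fingerprint, dnsNames and summarize are made up for illustration. It needs network access to the URL used in the post.

```scala
import java.net.URL
import java.security.MessageDigest
import java.security.cert.X509Certificate
import java.time.Instant
import java.time.temporal.ChronoUnit
import javax.net.ssl.HttpsURLConnection

object CertSummary { // hypothetical name, not from the original post
  // Fetch the chain the server presented, using only the public JSSE API.
  def fetchChain(url: String): Seq[X509Certificate] = {
    val conn = new URL(url).openConnection() match {
      case https: HttpsURLConnection => https
      case _ => throw new IllegalArgumentException(s"not an HTTPS URL: $url")
    }
    try {
      conn.connect() // TLS handshake, with the JVM's default certificate validation
      conn.getServerCertificates.toSeq.collect { case c: X509Certificate => c }
    } finally conn.disconnect()
  }

  // SHA-256 over the DER encoding: a stable identifier for inventory or pinning.
  def sha256Fingerprint(cert: X509Certificate): String =
    MessageDigest.getInstance("SHA-256").digest(cert.getEncoded)
      .map(b => f"${b & 0xff}%02X").mkString(":")

  // dNSName entries (GeneralName type 2); the getter returns null when there is no SAN.
  def dnsNames(cert: X509Certificate): Seq[String] =
    Option(cert.getSubjectAlternativeNames).toSeq.flatMap(_.toArray.toSeq)
      .collect { case e: java.util.List[_] if e.get(0) == Integer.valueOf(2) => e.get(1).toString }

  def summarize(cert: X509Certificate): String = {
    val daysLeft = ChronoUnit.DAYS.between(Instant.now(), cert.getNotAfter.toInstant)
    Seq(
      s"Subject:   ${cert.getSubjectX500Principal.getName}",
      s"Issuer:    ${cert.getIssuerX500Principal.getName}",
      s"Serial:    ${cert.getSerialNumber.toString(16)}",
      s"Valid:     ${cert.getNotBefore.toInstant} to ${cert.getNotAfter.toInstant} ($daysLeft days left)",
      s"Signature: ${cert.getSigAlgName}",
      s"CA:        ${cert.getBasicConstraints >= 0}", // -1 means the certificate is not a CA
      "DNS names: " + dnsNames(cert).mkString(", "),
      s"SHA-256:   ${sha256Fingerprint(cert)}"
    ).mkString("\n")
  }

  def main(args: Array[String]): Unit = {
    val url = args.headOption.getOrElse("https://www.garysieling.com") // URL from the post
    println(fetchChain(url).map(summarize).mkString("\n\n"))
  }
}
```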