Created
February 8, 2016 15:30
Examples of extracting SSL Certificate Thumbprint for *Nix & Windows
| ##### *Nix using openssl (http://www.virtuallyghetto.com/2012/04/extracting-ssl-thumbprint-from-esxi.html) | |
# Print the SHA-1 fingerprint of the certificate presented by 192.168.1.200:443.
# stdin is redirected from /dev/null so s_client exits after the handshake, and
# its diagnostics on stderr are discarded; only the certificate reaches x509.
# The result describes whatever certificate the endpoint presented on this
# connection, so compare it with a value obtained through a trusted channel
# before pinning it anywhere.
openssl s_client -connect 192.168.1.200:443 </dev/null 2>/dev/null \
  | openssl x509 -noout -fingerprint -sha1
| SHA1 Fingerprint=AF:3F:70:E6:78:50:41:76:F0:E0:55:78:C0:77:49:FB:69:36:93:6C | |
| ##### Windows using PowerShell Option #1 (https://communities.vmware.com/thread/501913?start=0&tstart=0) | |
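Function Test-WebServerSSL {
    # Function original location: http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?List=332991f0-bfed-4143-9eea-f521167d287c&ID=60
    <#
    .SYNOPSIS
    Connects to an HTTPS endpoint and reports the certificate it presents.

    .DESCRIPTION
    Issues a web request to https://<URL>:<Port> with certificate validation
    switched off for the duration of the request, so that self-signed or
    otherwise untrusted certificates can still be captured. The captured
    certificate is then run through a local X509Chain build restricted to the
    server-authentication application policy (OID 1.3.6.1.5.5.7.3.1).

    CertificateIsValid is the result of that chain build only. Nothing in this
    function compares the certificate names with the requested host, and the
    certificate is retrieved over a connection that was not authenticated, so
    confirm the thumbprint through a trusted channel before pinning it.

    .PARAMETER URL
    Host name or address to connect to (without scheme or port).

    .PARAMETER Port
    TCP port, 1-65535. Defaults to 443.

    .PARAMETER Proxy
    Optional Net.WebProxy assigned to the request.

    .PARAMETER Timeout
    Value assigned to WebRequest.Timeout (milliseconds). Defaults to 15000.

    .PARAMETER UseUserContext
    Build the chain in the user context instead of the machine context.

    .OUTPUTS
    PKI.Web.WebSSL when a certificate was received; otherwise the most recent
    error is written to the error stream.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0)]
        [string]$URL,
        [Parameter(Position = 1)]
        [ValidateRange(1,65535)]
        [int]$Port = 443,
        [Parameter(Position = 2)]
        [Net.WebProxy]$Proxy,
        [Parameter(Position = 3)]
        [int]$Timeout = 15000,
        [switch]$UseUserContext
    )

    # Result type. The here-string terminator must stay at column 0.
    Add-Type @"
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
namespace PKI {
namespace Web {
public class WebSSL {
public Uri OriginalURi;
public Uri ReturnedURi;
public X509Certificate2 Certificate;
//public X500DistinguishedName Issuer;
//public X500DistinguishedName Subject;
public string Issuer;
public string Subject;
public string[] SubjectAlternativeNames;
public bool CertificateIsValid;
//public X509ChainStatus[] ErrorInformation;
public string[] ErrorInformation;
public HttpWebResponse Response;
}
}
}
"@

    $ConnectString = "https://$url`:$port"
    $WebRequest = [Net.WebRequest]::Create($ConnectString)
    $WebRequest.Proxy = $Proxy
    $WebRequest.Credentials = $null
    $WebRequest.Timeout = $Timeout
    $WebRequest.AllowAutoRedirect = $true

    # ServerCertificateValidationCallback is a process-wide setting. Keep the
    # bypass in place only while the request runs and always put back whatever
    # was configured before, including on the paths where no certificate is
    # received. Otherwise every later HTTPS call in this session would accept
    # any certificate.
    $PreviousCallback = [Net.ServicePointManager]::ServerCertificateValidationCallback
    try {
        [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
        try {$Response = $WebRequest.GetResponse()}
        catch {
            # Best effort: a failed HTTP exchange can still leave a certificate
            # on the ServicePoint, so keep going and let the check below decide.
            Write-Verbose "Request to $ConnectString failed: $_"
        }
    }
    finally {
        [Net.ServicePointManager]::ServerCertificateValidationCallback = $PreviousCallback
    }

    if ($null -ne $WebRequest.ServicePoint.Certificate) {
        $Cert = [Security.Cryptography.X509Certificates.X509Certificate2]$WebRequest.ServicePoint.Certificate.Handle

        # 2.5.29.17 is the Subject Alternative Name extension; absent extension -> $null.
        try {$SAN = ($Cert.Extensions | Where-Object {$_.Oid.Value -eq "2.5.29.17"}).Format(0) -split ", "}
        catch {$SAN = $null}

        # Chain is built in machine context unless -UseUserContext is given,
        # and must satisfy the server-authentication application policy.
        $chain = New-Object Security.Cryptography.X509Certificates.X509Chain -ArgumentList (!$UseUserContext)
        [void]$chain.ChainPolicy.ApplicationPolicy.Add("1.3.6.1.5.5.7.3.1")
        $Status = $chain.Build($Cert)

        New-Object PKI.Web.WebSSL -Property @{
            OriginalUri = $ConnectString;
            ReturnedUri = $Response.ResponseUri;
            Certificate = $WebRequest.ServicePoint.Certificate;
            Issuer = $WebRequest.ServicePoint.Certificate.Issuer;
            Subject = $WebRequest.ServicePoint.Certificate.Subject;
            SubjectAlternativeNames = $SAN;
            CertificateIsValid = $Status;
            Response = $Response;
            ErrorInformation = $chain.ChainStatus | ForEach-Object {$_.Status}
        }
        $chain.Reset()
    } else {
        Write-Error $Error[0]
    }
}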
# Query the host (default port 443) and print the thumbprint of the certificate
# it presented. The value reflects what was served on this connection; compare
# it with one obtained through a trusted channel before relying on it.
$cert = Test-WebServerSSL -URL 192.168.1.200
$cert.Certificate.Thumbprint
| AF3F70E678504176F0E05578C07749FB6936936C | |
| ##### Windows using PowerShell Option #2 (https://github.com/lamw/vghetto-scripts/blob/master/powershell/installvRAIaaSAgent.ps1#L40) | |
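# Endpoint whose certificate thumbprint is wanted.
$ENDPOINT = "https://192.168.1.200:443"

# ICertificatePolicy implementation that accepts every certificate, so that a
# self-signed certificate does not abort the connection. The here-string
# terminator must stay at column 0.
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class IDontCarePolicy : ICertificatePolicy {
public IDontCarePolicy() {}
public bool CheckValidationResult(
ServicePoint sPoint, X509Certificate cert,
WebRequest wRequest, int certProb) {
return true;
}
}
"@

# ServicePointManager.CertificatePolicy is process-wide. Install the
# accept-everything policy only for this one request and restore the previous
# policy afterwards, so later HTTPS calls in the same session are validated
# as before.
$PreviousPolicy = [System.Net.ServicePointManager]::CertificatePolicy
try {
    [System.Net.ServicePointManager]::CertificatePolicy = new-object IDontCarePolicy
    $WEBREQUEST = [System.Net.Webrequest]::Create("$ENDPOINT")
    try {
        # ServicePoint.Certificate is only filled in once a connection has been
        # made; creating the request object alone does not contact the server.
        $WEBRESPONSE = $WEBREQUEST.GetResponse()
        $WEBRESPONSE.Close()
    }
    catch {
        # Best effort: an HTTP-level failure can still leave the certificate
        # on the ServicePoint, so the null check below makes the decision.
        Write-Verbose "Request to $ENDPOINT failed: $_"
    }
}
finally {
    [System.Net.ServicePointManager]::CertificatePolicy = $PreviousPolicy
}

if ($null -eq $WEBREQUEST.ServicePoint.Certificate) {
    Write-Error "No certificate was received from $ENDPOINT"
}
else {
    # Hex string of the certificate hash. It identifies the certificate that
    # was served on this connection only; confirm it through a trusted channel
    # before pinning it.
    $SSL_THUMBPRINT = $WEBREQUEST.ServicePoint.Certificate.GetCertHashString()
    $SSL_THUMBPRINT
}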
| AF3F70E678504176F0E05578C07749FB6936936C |