http://www.perlmonks.org?node_id=70620

caveman has asked for the wisdom of the Perl Monks concerning the following question:

I need to check the expiration date of the Certificate at a bunch of secure web sites. I have loaded the packages necessary to access secure web sites and now I can't find any documentation about how to access the Certificate information. Is there some package I can't find on CPAN? Any Ideas?
  • Comment on How can I access the Web Site Certificate with perl

Replies are listed 'Best First'.
Re: How can I access the Web Site Certificate with perl
by araqnid (Beadle) on Apr 07, 2001 at 05:48 UTC
    What are you using to do the HTTPS transfer?

    I'm using LWP (libwww-perl) with Crypt::SSLeasy (lib-crypt-ssleay-perl on Debian), and if I say:

     HEAD -x https://db.debian.org/
    
    I get some headers back in the response, e.g.:
    Client-SSL-Cert-Issuer: /C=US/ST=Georgia/L=Atlanta/O=Debian/OU=LDAP/CN=db.debian.org/Email=debian-admin@lists.debian.org
    Client-SSL-Cert-Subject: /C=US/ST=Georgia/L=Atlanta/O=Debian/OU=LDAP/CN=db.debian.org/Email=debian-admin@lists.debian.org
    Client-SSL-Cipher: EDH-RSA-DES-CBC3-SHA
    Client-SSL-Warning: Peer certificate not verified
    
    I strongly recommend reading the Crypt::SSLeay documentation.

    So, to use this in a more substantive example:

    #!/usr/bin/perl -w require 5.6.0; use strict; use LWP; our $hostname = shift or die "Syntax: $0 hostname\n"; our $ua = LWP::UserAgent->new; our $req = HTTP::Request->new(HEAD => "https://$hostname"); our $resp = $ua->request($req); print " Site: ", $resp->header('Client-SSL-Cert-Subject'), " +\n"; print "Cert. Authority: ", $resp->header('Client-SSL-Cert-Issuer'), "\ +n"; print " Cipher: ", $resp->header('Client-SSL-Cipher'), "\n";
    and then you should be able to run this script with the hostname of an SSL site as a parmaeter, e.g. "www.verisign.com". HTH
Re: How can I access the Web Site Certificate with perl
by nardo (Friar) on Apr 07, 2001 at 03:11 UTC
    From the Net::SSLeay documentation:
    dump_peer_certificate() allows you to get plaintext description of the certificate the peer (usually server) presented to us.
Re: How can I access the Web Site Certificate with perl
by caveman (Pilgrim) on Apr 08, 2001 at 09:52 UTC
    Thank you. I was just using LWP:UserAgent after installing the LWP::Protocol::https I guess I needed to search CPAN with SSL, instead of HTTPS to find the Net::SSLeay. You guys rock! caveman