tags:

views:

43

answers:

3
+1  Q: 

Is there a way to get SSL certificate details using JavaScript?

Hi all, I'd like to gather certain details of an SSL certificate on a particular web-site. I know this is straightforward using the openssl tool on Linux/MacOSX. However is the same or similar possible in JavaScript?

I understand that the browser handles socket connections and that the SSL handshake occurs prior to any party sending data. However in an XMLHTTPRequest, I'd like to know if its possible to get these details as some sort of response code etc?

+1  A: 

This information simply isn't exposed to javascript, it is so rarely used (well never since it isn't available, but it would be rarely used) that it wasn't deemed important enough to add to the javascript object model I suppose...same for any very rarely used feature left out of anything.

Of course, it could have also been left out for security reasons...I'm not creative enough to come up with one at the moment, but I'm sure there's an exploit to be had there as well.

Nick Craver  2010-04-09 00:43:33
no security reason, certificates are public values.
GregS  2010-04-09 01:02:10
@GregS - I can't think of one either...but I've said that 100 times before and someone will come up with a vulnerability I would *never* have consireded, different mindset I suppose...so I was just throwing that option out there. If you were hosting the javascript in question...wouldn't you be the one with the certificate already? That's what leads me to think there might be more some nefarious use *somehow* for this. As I said though, definitely not my area of expertise, I'll leave it to you and others who specialize in this area elaborate on what may be possible.
Nick Craver  2010-04-09 01:17:58
Thanks Nick, I guess I'll have to think about how to grab SSL details on a client's end in a cross platform way, without JS or installing alternative binaries (such as openssl, curl/wget).
sHz  2010-04-09 01:34:45
A: 

Nope, not possible.

It is possible to detect via javascript whether the current page being viewed is over an SSL connection (document.location.protocol=="https:"), but that's about it.

Sean  2010-04-09 00:46:33
A: 

The certificate isn't part of the DOM, so no, this won't be possible. Sorry!

John Feminella  2010-04-09 00:49:13

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript