ansaurus

Question

Check in Javascript if a SSL Certificate is valid

Answer 1

+1 A:

The question doesn't make sense. You can't get the server's SSL certificate without opening an SSL connection to it, and once you've done that, telling the user they can do that too is a bit pointless.

EJP 2010-04-11 22:52:26

No. User can "accept an untrusted certificate".

Malx 2010-10-26 16:33:09

No what? You can't get the server's SSL certificate without opening an SSL connection. If the user accepted the certificate he already had the chane to look at it. What's your point?

EJP 2010-10-27 07:51:41

Answer 2

+1 A:

The straight answer is no. Javascript does not provide any means of validating certificates. This is a job left to the browser.

A better approach to this problem is from the server side. If you are controlling the site, than you can render down a variable on the page with information gleaned on the server side.

In .Net something like

var canSecure = <%= MySiteHasSsl ? "true" : "false" %>;
if (canSecure) {
    if (confirm("This site supports SSL encryption. Would you like to switch to a secure connection?")) {
        location.href = "https://mysite.com";
    }
}

Joel Potter 2010-04-11 23:16:47

Answer 3

A:

I'm not quite sure what your use case is. If you are just trying to "check ahead of time" before you provide a link to someone for another website then the other answers here will be more relevant than mine.

If you are expecting mysite.com to use an SSL certificate that isn't trusted by default in the browser but you have another way of knowing it should be trusted, then you could use a JavaScript TLS implementation to make cross-domain requests to that other site. However, this requires that your website be served on https and trusted in the browser to begin with and the other site to provide a Flash cross-domain policy file.

If this sounds anything like what you want to do, check out the opensource Forge project:

http://github.com/digitalbazaar/forge/blob/master/README

dlongley 2010-07-22 17:15:20

Answer 4

A:

Looking at ARP Poissoning and man-in-the-middle-attack with ssl sessions I would like to get some information on the certificate being used on the web browser using javascript to warn or block the connection if the certificate doesn't match.

This makes sense on you?

Could it be possible?

Nicolas Leuenberger 2010-09-09 18:25:23

Should be a separate question

blu 2010-09-09 18:29:59

No. It you have targeted man-in-the-middle-attack then it is possible to cut out that JS code from page.

Malx 2010-10-26 16:27:02

Answer 5

A:

What I've found up to now - it is possible with Firefox, don't know yet about other browsers:

https://developer.mozilla.org/En/How_to_check_the_security_state_of_an_XMLHTTPRequest_over_SSL

Zrin 2010-10-01 07:56:10

no - "you can only call it from a browser extension or from a XULRunner application"

Malx 2010-10-26 16:24:48

ansaurus

tags:

views:

answers:

Check in Javascript if a SSL Certificate is valid

related questions