Given a URL or server name, how can I use PowerShell or a .NET library to download the (expired) certificate the web server is using and then save it to a file or import it into my certificate store?

Thanks!

I have made progress; I got this far on this problem:

using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

static class Program
{
    static void Main()
    {
        ServicePointManager.ServerCertificateValidationCallback = TrustAllCertificatesCallback;
        var tcpclient = new TcpClient("remote.example.com", 443);
        var tcpstream = tcpclient.GetStream();
        var sslstream = new SslStream(tcpstream);
        sslstream.AuthenticateAsClient("remote.example.com");
        X509Certificate rc = sslstream.RemoteCertificate;
        Console.WriteLine(rc.ToString());
        Console.ReadLine();
    }

    public static bool TrustAllCertificatesCallback(
        object sender, X509Certificate cert,
        X509Chain chain, System.Net.Security.SslPolicyErrors errors)
    {
        return true;
    }
}

Now, when I run this program I get an AuthenticationException on the AuthenticateAsClient line, and it says "The remote certificate is invalid according to the validation procedure." I ran it with a breakpoint on return true; and it never called the TrustAllCertificatesCallback. I think there is a permission or configuration problem with the assembly; does anyone know how to fix it?

+1  A: 

I haven't done something like this, but looking at the examples I think I can see what is wrong. Try this code:

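using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

static class Program
{
    static void Main()
    {
        var tcpclient = new TcpClient("remote.example.com", 443);
        var tcpstream = tcpclient.GetStream();
        // Pass the validation callback to the SslStream itself; it is invoked
        // during AuthenticateAsClient.
        var sslstream = new SslStream(tcpstream, false, new RemoteCertificateValidationCallback(TrustAllCertificatesCallback));
        sslstream.AuthenticateAsClient("remote.example.com");
        X509Certificate rc = sslstream.RemoteCertificate;
        Console.WriteLine(rc.ToString());
        Console.ReadLine();
    }

    // Accepts any certificate so the handshake completes and the
    // certificate can be read afterwards.
    public static bool TrustAllCertificatesCallback(
        object sender, X509Certificate cert,
        X509Chain chain, System.Net.Security.SslPolicyErrors errors)
    {
        return true;
    }
}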
JasonMArcher
That was it! Thanks!
Segfault
There was an [SSL Oblivious Web Client][1] on PoshCode, and there's also [Get-Cert][2] which actually gets the cert instead of just trusting all certs.

[1]: http://poshcode.org/624
[2]: http://poshcode.org/69
Jaykul
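
A fuller version of the approach in the answer above, as an added example that is not part of the original thread: it records the SslPolicyErrors the callback receives instead of discarding them, and writes the certificate to a file as the question asked. The class name CertFetcher, the Fetch helper and the default output file name are assumptions made for the illustration.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

static class CertFetcher   // hypothetical name, not from the thread
{
    // Completes the TLS handshake without enforcing validation and returns the
    // server's leaf certificate plus the validation errors reported for it.
    static X509Certificate2 Fetch(string host, int port, out SslPolicyErrors errors)
    {
        SslPolicyErrors seen = SslPolicyErrors.None;
        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), false,
            (sender, cert, chain, policyErrors) =>
            {
                seen = policyErrors;   // record why validation would have failed
                return true;           // accept only so the handshake completes
            }))
        {
            ssl.AuthenticateAsClient(host);
            errors = seen;
            // Copy the certificate before the stream is disposed.
            return new X509Certificate2(ssl.RemoteCertificate);
        }
    }

    static void Main(string[] args)
    {
        // Assumed usage: CertFetcher <host> [output.cer]
        string host = args.Length > 0 ? args[0] : "remote.example.com";
        string path = args.Length > 1 ? args[1] : host + ".cer";

        SslPolicyErrors errors;
        X509Certificate2 cert = Fetch(host, 443, out errors);

        // DER-encoded public certificate only; no private key is involved.
        File.WriteAllBytes(path, cert.Export(X509ContentType.Cert));

        Console.WriteLine("Subject:    " + cert.Subject);
        Console.WriteLine("Thumbprint: " + cert.Thumbprint);
        Console.WriteLine("Not after:  " + cert.NotAfter.ToUniversalTime().ToString("u"));
        Console.WriteLine("Validation: " + errors);
        Console.WriteLine("Saved to:   " + path);
    }
}
```

The callback accepts every certificate only so the handshake finishes; the stream is closed without any application data being sent over it. The saved DER file can then be imported with Import-Certificate or X509Store.Add.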