Jamie Pirie - 4 years ago
Ruby Question

Using Ruby OpenSSL to download and read certificates

I'm trying to work out how to download a certificate from a web address/uri using OpenSSL in the stdlib and then make use of it in an alerting application.

At the moment, I'm essentially calling the openssl executable using s_client and parsing the response to get the certificate but it just feels silly/clunky to be doing so when I've got a whole lib to handle this (and that I know for sure already DOES this).

I've spent a bit of time trying to wrap my head around the openssl source in Ruby but I feel fairly defeated by it; also the internet appears to be flooded with many rubyists trying to bypass their SSL (wince) rather than helpful information on OpenSSL itself so I'm not having much luck there either.

Would someone be able to point me in the right direction at all? Perhaps via the documentation or something similar to be able to handle this particular task? If you have an example that would be even better but I'd much prefer to try and get my head around it myself.

Thanks in advance.

Answer Source

It's pretty simple actually. To get the remote certificate, you need to try to establish an SSL connection, then just read the peer certificate from there:

```ruby
require 'socket'
require 'openssl'

# Host to inspect (placeholder value)
remote_host = 'example.com'

# Get OpenSSL context
ctx = OpenSSL::SSL::SSLContext.new

# Get remote TCP socket
sock = TCPSocket.new(remote_host, 443)

# pass that socket to OpenSSL
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)

# establish connection, if possible
ssl.connect

# get peer certificate and do things with it
cert = ssl.peer_cert
cert.version
cert.subject.to_s
```

Now, this simple method doesn't work with SNI, but it will get you started.
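
Added example, not part of the original answer: the same approach with SNI set through `ssl.hostname=`, plus the validity and hostname checks an alerting application would run on the returned certificate. The names `fetch_peer_cert`, `cert_report` and `constructed_cert`, the 30-day `warn_days` threshold and the host `example.test` are assumptions made for illustration.

```ruby
require 'socket'
require 'openssl'

# Fetch the leaf certificate with SNI set. A bare SSLContext does not verify
# the peer, so expired or self-signed certificates can still be read; treat
# the result as data to inspect, not as proof of the server's identity.
def fetch_peer_cert(host, port = 443, timeout: 5)
  sock = Socket.tcp(host, port, connect_timeout: timeout)
  ssl = OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new)
  ssl.hostname = host    # sends the server_name (SNI) extension
  ssl.sync_close = true  # closing the TLS socket also closes the TCP socket
  ssl.connect
  ssl.peer_cert
ensure
  ssl ? ssl.close : sock&.close
end

# Classify a certificate for alerting; warn_days is an assumed threshold.
def cert_report(cert, host, now: Time.now, warn_days: 30)
  days_left = ((cert.not_after - now) / 86_400).floor
  status =
    if now < cert.not_before then :not_yet_valid
    elsif days_left < 0 then :expired
    elsif days_left <= warn_days then :expiring
    else :ok
    end
  { subject: cert.subject.to_s, days_left: days_left, status: status,
    name_ok: OpenSSL::SSL.verify_certificate_identity(cert, host) }
end

# Constructed self-signed certificate so the report logic runs offline.
def constructed_cert(cn, not_before, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

sample = constructed_cert('example.test', Time.utc(2023, 12, 1), Time.utc(2024, 1, 11))
p cert_report(sample, 'example.test', now: Time.utc(2024, 1, 1))
# Live use (needs network): cert_report(fetch_peer_cert('example.com'), 'example.com')
```

Because the fetch does not verify the chain, `name_ok` only says whether the presented certificate names the host; chain trust has to be checked separately, for example with `OpenSSL::X509::Store#verify`.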
