I am building a Firefox add-on that needs to extract details of the SSL certificates received, such as the name of the CA and the country of the CA (certificate authority). I want to know if it's possible to extract the above details using JavaScript, or do I need to use OpenSSL and thereby link both of them?

Are there any better solutions?

Peter Mortensen
  • Received how? Web page loaded into the browser, XMLHttpRequest, something else? – Wladimir Palant Nov 06 '11 at 15:25
  • Wladimir Palant, sorry for the late response. I would like to extract details from the web browser, but precisely speaking I am a novice developer; anything that is good for a beginner will help –  Nov 23 '11 at 23:24
  • @Pratik: Please have a look at http://stackoverflow.com/editing-help#link-comment-reply, people you are replying to won't get notified otherwise. – Wladimir Palant Nov 24 '11 at 08:24

1 Answer

The Page Info dialog in Firefox already displays certificate information so it is a good idea to look at how it is implemented. To sum up:

  • The <browser> or <tabbrowser> element (gBrowser in a Firefox window) has a property securityUI.
  • The value of this property implements nsISSLStatusProvider interface which allows you to get to nsISSLStatus.
  • From there you can get to nsIX509Cert which has all the necessary information.

Code example:

var status = gBrowser.securityUI
                     .QueryInterface(Components.interfaces.nsISSLStatusProvider)
                     .SSLStatus;
if (status && !status.isUntrusted)
{
  // This shows: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
  alert(status.serverCert.issuerName);

  // This shows: Equifax Secure Certificate Authority
  alert(status.serverCert.issuerOrganizationUnit);
}

Note that the interface doesn't provide a way to extract the issuer's country; you will have to parse the status.serverCert.issuerName value yourself. Also, you only get the information on the immediate issuer this way, not the root CA. To get to the root CA you should use the status.serverCert.issuer property and walk up the chain.

Wladimir Palant
  • Actually I have one more idea: using a PHP script to call a bash script which executes OpenSSL commands. The script will be provided with the URL of the web server. Can I have your opinion about how feasible the solution is? Thanks for the prompt reply and nice solution – Pratik Bosamiya Nov 24 '11 at 14:56
  • @PratikBosamiya: You are asking the wrong person. You probably want to create a new question with appropriate tags. – Wladimir Palant Nov 24 '11 at 20:47
  • I am actually facing some problems in parsing status.serverCert.issuerName. Can you tell me if the value returned from the function can be stored as a String, and if not, can you suggest some ideas for parsing? I interpreted the value as a String and used the lastIndexOf() function but the script didn't work, so please can you help me with it. – Pratik Bosamiya Nov 25 '11 at 00:21
  • @PratikBosamiya: Again, asking a new question is probably a good idea. Personally I would split that string by commas and then parse each individual value. – Wladimir Palant Nov 25 '11 at 07:39
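
The parsing step discussed above, as an added example that is not part of the original answer or comments: it splits an issuerName-style string into attributes without breaking on escaped or quoted commas, and walks an issuer chain to its top. The helper names (splitUnescaped, parseDistinguishedName, issuerCountry, rootOf) are hypothetical, and stopping the walk when issuer is missing or issuerName equals subjectName is an assumption about how the chain ends.

```javascript
// Split on `sep` unless it is backslash-escaped or inside double quotes.
function splitUnescaped(text, sep) {
  const parts = [""];
  let inQuotes = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (ch === "\\" && i + 1 < text.length) {
      parts[parts.length - 1] += ch + text[++i]; // keep escape pair for later
    } else if (ch === sep && !inQuotes) {
      parts.push("");
    } else {
      if (ch === '"') inQuotes = !inQuotes;
      parts[parts.length - 1] += ch;
    }
  }
  return parts;
}

// "OU=x,O=y,C=US" -> { OU: ["x"], O: ["y"], C: ["US"] }
function parseDistinguishedName(dn) {
  const attrs = Object.create(null);
  for (const rdn of splitUnescaped(String(dn), ",")) {
    for (const pair of splitUnescaped(rdn, "+")) { // multi-valued component
      const eq = pair.indexOf("=");
      if (eq < 0) continue; // not key=value, skip it
      const key = pair.slice(0, eq).trim().toUpperCase();
      let value = pair.slice(eq + 1).trim();
      if (/^".*"$/.test(value)) value = value.slice(1, -1);
      // Undo escapes: \, \" and so on, plus single-byte hex pairs like \2C.
      value = value.replace(/\\([0-9a-fA-F]{2}|.)/g, (m, e) =>
        e.length === 2 ? String.fromCharCode(parseInt(e, 16)) : e);
      (attrs[key] = attrs[key] || []).push(value);
    }
  }
  return attrs;
}

// Country (C=) of a distinguished name, or null when it has none.
function issuerCountry(dn) {
  return (parseDistinguishedName(dn).C || [null])[0];
}

// Walk cert.issuer up the chain; stop at a missing or self-issued cert.
function rootOf(cert, maxDepth = 10) {
  let current = cert;
  while (maxDepth-- > 0 && current.issuer &&
         current.issuerName !== current.subjectName) {
    current = current.issuer;
  }
  return current;
}
```

In the add-on this would be called as issuerCountry(status.serverCert.issuerName) inside the `!status.isUntrusted` branch of the answer's code, since the parsed fields are only descriptive text taken from the certificate.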