Extracting Certificate Info from Things (like web services)
November 22, 2012
Disclaimer: short post today due to holiday. There’s no research here, but this is something I recently used which might be useful to others.
Certificates these days are thrown around on everything. For example, if your web service authenticates with message security, you might see a base64-encoded certificate in the SOAP envelope and want to know more about it. In the SOAP request it looks something like this:
<o:Security>
  <o:BinarySecurityToken u:Id="uuid-xxxx"
      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">base64data....</o:BinarySecurityToken>
  ...
To view the certificate info, you can use openssl. OpenSSL is strict about how the base64 is formatted, so first I paste the base64data into a file called cert.crt and run it through a decode and re-encode:
$ base64 -d cert.crt | base64 >cert2.crt
Then add the certificate markers to the beginning and end, so cert2.crt ends up looking like this:
-----BEGIN CERTIFICATE-----
convertedbase64data ...
-----END CERTIFICATE-----
Now you can view all the cert info (validity, issuer, algorithms, serial numbers, subject names, public key, CRLs, thumbprints) with openssl:
$ openssl x509 -in cert2.crt -text -noout
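The same steps as a script, as an added example that is not part of the original post: it pulls every X509v3 BinarySecurityToken out of a SOAP envelope and writes PEM that openssl accepts. The namespace URIs bound to the o: and u: prefixes, the sample envelope and the placeholder token bytes are assumptions constructed for the example.

```python
import base64
import sys
import xml.etree.ElementTree as ET

# ValueType / EncodingType URIs as they appear in the SOAP snippet above.
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
BASE64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"

def extract_x509_tokens(soap_xml):
    """Return the DER bytes of each X509v3 BinarySecurityToken in the envelope."""
    # ElementTree is fine for envelopes you captured yourself; it is not
    # hardened against hostile XML.
    tokens = []
    for el in ET.fromstring(soap_xml).iter():
        if el.tag.rpartition("}")[2] != "BinarySecurityToken":
            continue
        if el.get("ValueType") != X509V3 or el.get("EncodingType") != BASE64:
            continue
        # The token may be one long line or wrapped/indented: drop whitespace,
        # then let validate=True reject anything outside the base64 alphabet.
        b64 = "".join((el.text or "").split())
        tokens.append(base64.b64decode(b64, validate=True))
    return tokens

def der_to_pem(der):
    """Re-encode DER as PEM: 64-column base64 between the certificate markers."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"

# Constructed sample: placeholder bytes, NOT a real certificate. The namespace
# URIs for the o:/u: prefixes are the standard WS-Security 1.0 ones (assumed,
# the page does not show them).
SAMPLE_DER = bytes([0x30, 0x82, 0x00, 0x60]) + bytes(range(96))
SAMPLE_ENVELOPE = f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
 <s:Header><o:Security>
  <o:BinarySecurityToken u:Id="uuid-xxxx" ValueType="{X509V3}" EncodingType="{BASE64}">
   {base64.b64encode(SAMPLE_DER).decode("ascii")}
  </o:BinarySecurityToken>
 </o:Security></s:Header><s:Body/>
</s:Envelope>"""

if __name__ == "__main__":
    # Usage: python3 token2pem.py request.xml | openssl x509 -text -noout
    xml_in = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ENVELOPE
    for der in extract_x509_tokens(xml_in):
        sys.stdout.write(der_to_pem(der))
```

Run without arguments it prints the placeholder token as PEM, which openssl will refuse to parse because it is not a real certificate; pass a captured request file to inspect a real one.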