Extracting Certificate Info from Things (like web services)

Disclaimer: short post today due to holiday. There’s no research here, but this is something I recently used which might be useful to others

Certificates these days are thrown around on everything. For example, if your web service auths with message security, in a soap envelope for a web service, you might see a base64 certificate and want to know info about it. In the soap request it looks something like this:

<o:Security>
   <o:BinarySecurityToken u:Id="uuid-xxxx" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">base64data....</o:BinarySecurityToken>
   ...

To view the certificate info, you can use openssl. The base64 encoding for openssl is strict, so first I paste the base64data into a file called cert.crt and convert that.

$ base64 -d cert.crt | base64 >cert2.crt

then you can add certificate flags to the beginning and end, so cert2.crt ends up looking like this

-----BEGIN CERTIFICATE-----
convertedbase64data
...
-----END CERTIFICATE-----

Now you can view all the cert info (containing validity, issuer, algorithms, serial numbers, subject names, public key, CRLs, thumbprints) with openssl

$ openssl x509 -in cert2.crt -text -noout

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s