Page 1 of 1

how to check the SSL certificate of a https website

PostPosted: Thu Jan 08, 2015 2:10 pm
by fkapnist
How does the Neobook browser object check the SSL certificate of a https website? The following code half works but always returns "this type of document does not have a security certificate."

Code: Select all
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('security',document.security);" "JScript"
AlertBox "" "[security]"


:?:

Re: how to check the SSL certificate of a https website

PostPosted: Fri Jan 09, 2015 11:42 am
by Neosoft Support
I'm not sure that you can do this with JavaScript.

I couldn't find any documentation for document.security. Are you sure "security" is a supported property of document?

Re: how to check the SSL certificate of a https website

PostPosted: Sat Jan 10, 2015 8:51 pm
by fkapnist
Neosoft Support wrote:I'm not sure that you can do this with JavaScript.

I couldn't find any documentation for document.security. Are you sure "security" is a supported property of document?


It is not supported but I find it interesting that it still returns a message pertaining to a security certificate.... Is there a Vbasic script that can display the security certificate of a website?

Re: how to check the SSL certificate of a https website

PostPosted: Sat Jan 10, 2015 9:28 pm
by fkapnist
Here are some more DOM document properties that you can cut and paste to return current page details for WebBrowser1...

Code: Select all
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('title',document.title);" "JScript"
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('referrer',document.referrer);" "JScript"
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('domain',document.domain);" "JScript"
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('protocol',location.protocol);" "JScript"
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('URL',document.URL);" "JScript"
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('doctype',document.doctype.name);" "JScript"
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('encoding',document.inputEncoding);" "JScript"
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('links',document.links.length);" "JScript"
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('images',document.images.length);" "JScript"
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('embeds',document.embeds.length);" "JScript"
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('scripts',document.scripts.length);" "JScript"
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('cookie',document.cookie);" "JScript"
BrowserExecScript "WebBrowser1" "window.external.nbSetVar('lastModified',document.lastModified);" "JScript"
AlertBox "" "title: [title] [#13][#13]referrer: [referrer] [#13][#13]domain: [domain] [#13][#13]protocol: [protocol] [#13][#13]URL: [URL] [#13][#13]doctype: [doctype] [#13][#13]encoding: [encoding] [#13][#13]links: [links] [#13][#13]images: [images] [#13][#13]embeds: [embeds][#13][#13]scripts: [scripts][#13][#13]cookies: [cookie][#13][#13]Last Modified: [lastModified]"



:arrow:
.

Re: how to check the SSL certificate of a https website

PostPosted: Sun Jan 11, 2015 7:50 am
by fkapnist
.
I just found this javascript library that deals with security and has an "online certificate viewer." I haven't had time to test it yet...

http://kjur.github.io/jsrsasign/

:?:
.

Re: how to check the SSL certificate of a https website

PostPosted: Mon Jan 12, 2015 1:05 pm
by fkapnist
No advice from anyone on this matter?
If you make a Neobook business app that uses the Internet, how do you check for authenticity?

A link to Qualys Labs does the certificate check easily enough but it looks too amateurish...
https://www.ssllabs.com/ssltest/analyze.html?d=https://www.facebook.com/&hideResults=on

.

Re: how to check the SSL certificate of a https website

PostPosted: Mon Jan 12, 2015 2:20 pm
by fkapnist
.
By the way, it should be pointed out that security certificates are absolutely NO guarantee that a disgruntled Administrator won't steal sensitive user data and pass it on or sell it without ever getting caught... It is an easy thing to do and it seems to happen all the time, as the link below shows:

http://www.usatoday.com/story/news/nation/2015/01/12/twitter-centcom-isis/21640577/

Most users don't understand that there is a BIG difference between browser security and browser privacy... but that is a subject we can discuss later...

:!:
.

Re: how to check the SSL certificate of a https website

PostPosted: Mon Jan 12, 2015 6:12 pm
by Neosoft Support
I'm sorry, I'm not an expert on Internet security so I don't really have much expertise to offer you on this topic.

Re: how to check the SSL certificate of a https website

PostPosted: Tue Jan 13, 2015 3:37 pm
by Danito
Trata con OpenSSL

Code: Select all
openssl s_client -connect twitter.com:443 > twitterCert


Te devuelve

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
66:44:2f:71:e3:ab:97:0b:fd:54:b9:23:94:e9:da:5f
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL CA
Validity
Not Before: Jul 27 00:00:00 2010 GMT
Not After : Jul 27 23:59:59 2011 GMT
Subject: 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.5.4.15=Private Organization/serialNumber=4337446, C=US/postalCode=94107, ST=California, L=San Francisco/streetAddress=795 Folsom St, Suite 600, O=Twitter, Inc., OU=Twitter Operations, CN=twitter.com
etc...
etc...

Re: how to check the SSL certificate of a https website

PostPosted: Fri Jan 16, 2015 7:25 am
by fkapnist
Danito wrote:Trata con OpenSSL

Code: Select all
openssl s_client -connect twitter.com:443 > twitterCert


Te devuelve

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
66:44:2f:71:e3:ab:97:0b:fd:54:b9:23:94:e9:da:5f
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL CA
Validity
Not Before: Jul 27 00:00:00 2010 GMT
Not After : Jul 27 23:59:59 2011 GMT
Subject: 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.5.4.15=Private Organization/serialNumber=4337446, C=US/postalCode=94107, ST=California, L=San Francisco/streetAddress=795 Folsom St, Suite 600, O=Twitter, Inc., OU=Twitter Operations, CN=twitter.com
etc...
etc...


But this would require that the user has OpenSSL installed on Windows. Most users would not bother....
http://www.herongyang.com/Cryptography/OpenSSL-Installation-on-Windows.html
Since Internet Explorer can check security certificates, isn't there a hook that can access that command?