zaitsman

Reputation: 9499

Check which certificate is bound to an asp.net site from within site

I have an IIS hosted asp.net (mvc/api etc) app that runs under a limited context (e.g. App Pool Identity or similar). The loopback is not available. How can I check which certificate is bound to the site that hosts my app from within the app?

E.g. when admin specifies the ssl binding in IIS.

Upvotes: 2

Views: 1373

Answers (1)

Peter Hahndorf

Reputation: 11222

Using the Microsoft.Web.Administration API comes to mind; you would need to give your AppPool identity read access to the ApplicationHost.config file.

However, even though that file has the bindings for your site, it does not have the information which certificate is used, so that API doesn't help.

On the command line you can do:

netsh http show sslcert

SSL Certificate bindings:
IP:port                      : 0.0.0.0:443
Certificate Hash             : aef3b8daaaabe075555534943c53f8727c32c96ef
Application ID               : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name       : My

To parse the output you need to know the binding which you could get via the Microsoft.Web.Administration API.

The Certificate Hash is also the thumbprint; with that you can get more information in PowerShell:

Get-Item Cert:\LocalMachine\My\aef3b8daaaabe075555534943c53f8727c32c96ef | fl *

Both commands work when used as a standard user, which may mean they also work under the AppPool identity?

I'm not sure which APIs to call to get this information, in the worst case you can try to execute these commands and parse their output.

It would be much easier to have a PowerShell script that runs daily, and creates a text file in every site with the information about the certificate. Your code then just reads the file.

Upvotes: 2
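An added example of the daily script the answer suggests (written for this edit, not the answerer's code): it parses the output of `netsh http show sslcert` the way the answer describes, matches each site's HTTPS binding against it, looks the certificate up in the local machine store by thumbprint, and writes the result to a file under the site's App_Data folder, which ASP.NET does not serve to browsers. It assumes an elevated scheduled task on the IIS host with the WebAdministration module available and English netsh output; the function and file names are this example's own choices.

```powershell
# Added example (not from the answer): records each IIS site's HTTPS certificate
# into App_Data\site-certificate.txt so the app can read it without any IIS rights.
# Assumes: elevated scheduled task, WebAdministration module, English netsh labels.
Import-Module WebAdministration

function Get-HttpSysSslBindings {
    # Parse 'netsh http show sslcert' into a hashtable keyed by "ip:port" or "hostname:port"
    $result = @{}
    $current = $null
    foreach ($line in (netsh http show sslcert)) {
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)') {
            $current = @{ Endpoint = $Matches[2].ToLower(); Thumbprint = $null; Store = 'My' }
            $result[$current.Endpoint] = $current
        } elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-fA-F]{40})') {
            $current.Thumbprint = $Matches[1]
        } elseif ($current -and $line -match '^\s*Certificate Store Name\s*:\s*(\S+)') {
            $current.Store = $Matches[1]
        }
    }
    return $result
}

$sslBindings = Get-HttpSysSslBindings
foreach ($site in Get-Website) {
    $report = @()
    foreach ($b in @($site.Bindings.Collection | Where-Object { $_.protocol -eq 'https' })) {
        # bindingInformation looks like "*:443:" or "10.0.0.5:443:www.example.com"
        $ip, $port, $hostname = $b.bindingInformation -split ':', 3
        if ($ip -eq '*') { $ip = '0.0.0.0' }
        # SNI bindings are listed by hostname:port in netsh, plain bindings by ip:port
        $ssl = $null
        if ($hostname) { $ssl = $sslBindings["$($hostname.ToLower()):${port}"] }
        if (-not $ssl) { $ssl = $sslBindings["${ip}:${port}"] }
        if (-not $ssl -or -not $ssl.Thumbprint) {
            $report += "binding=$($b.bindingInformation) certificate=NONE"
            continue
        }
        $cert = Get-Item "Cert:\LocalMachine\$($ssl.Store)\$($ssl.Thumbprint)" -ErrorAction SilentlyContinue
        $report += "binding=$($b.bindingInformation) thumbprint=$($ssl.Thumbprint) store=$($ssl.Store) " +
                   "subject=$($cert.Subject) notAfter=$($cert.NotAfter)"
    }
    if ($report.Count -eq 0) { continue }
    # physicalPath may contain %SystemDrive%, so expand it before writing
    $dir = Join-Path ([Environment]::ExpandEnvironmentVariables($site.PhysicalPath)) 'App_Data'
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    Set-Content -Path (Join-Path $dir 'site-certificate.txt') -Value $report -Encoding UTF8
}
```

Sites with no HTTPS binding get no file, and a binding whose thumbprint is missing from the store still gets a line with an empty subject, which is itself worth alerting on.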
