CODEWITHSUNDEEP
javascriptsslfirefox-addonopenssl
Pratik Bosamiya
Pratik Bosamiya

Reputation: 23

Extract details of SSL certificates using JavaScript/OpenSSL

I am building a Firefox add-on that needs to extract details of SSL certificates received, like name of the CA, country of the CA (certificate authority). I want to know if it's possible to extract the above details using JavaScript or do I need to use OpenSSL and thereby link both of them?

Are there any better solutions?

Upvotes: 0

Views: 1806

Answers (1)

Wladimir Palant
Wladimir Palant

Reputation: 57651

The Page Info dialog in Firefox already displays certificate information so it is a good idea to look at how it is implemented. To sum up:

  • The <browser> or <tabbrowser> element (gBrowser in a Firefox window) has a property securityUI.
  • The value of this property implements nsISSLStatusProvider interface which allows you to get to nsISSLStatus.
  • From there you can get to nsIX509Cert which has all the necessary information.

Code example:

var status = gBrowser.securityUI
                     .QueryInterface(Components.interfaces.nsISSLStatusProvider)
                     .SSLStatus;
if (status && !status.isUntrusted)
{
  // This shows: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
  alert(status.serverCert.issuerName);

  // This shows: Equifax Secure Certificate Authority
  alert(status.serverCert.issuerOrganizationUnit);
}

Note that the interface doesn't provide a way to extract issuer's country, you will have to parse status.serverCert.issuerName value yourself. Also, you only get the information on the immediate issuer this way, not the root CA. To get to the root CA you should use status.serverCert.issuer property and walk up the chain.

Upvotes: 1

Related Questions