0

I have a program I'm developing centered around the browser digitally signing a value.

The plan was to use the HTTPS cert built in to the browser to sign, but the whole approach is contingent on getting access to the browser's HTTPS cert's public key.

How do I access it either in JavaScript or ASP.NET service code?

I'm coming up blank on Google (the best I can find is something that allows for communication through custom certs, but not the one the browser uses for HTTPS).

Colin
  • 4
    I'm not sure that's how that works. HTTPS certs are associated with a webserver. And signing is typically done with a private key. – Herohtar Nov 28 '18 at 22:34
  • 2
    Right...this sounds like an XY problem. What exactly is it you are wanting to do? – charlietfl Nov 28 '18 at 22:48
  • 1
    No, you [don't get them automagically](https://stackoverflow.com/a/2604413/4648586). You will need to provide the keys to both manually, though we are not really sure what you want to achieve. – Bagus Tesa Nov 29 '18 at 01:21
  • 1
    You guys were right; I misunderstood how SSL worked. I was thinking that the server used its certificate to secure transmission to the browser, and the browser used a local certificate to secure transmission to the server (where both shared their public keys and used asymmetric encryption at either end of the communication), but I looked into it and discovered that only the server uses its certificate to accept an encrypted symmetric key generated on the client. – Colin Nov 29 '18 at 16:09

1 Answer

2

Normally we sign our request with the public key which is present in the .crt file. Corresponding to that domain we have a .pfx file which contains the private key and is present on the server.

Through the code below you can get the complete certificate chain. Normally we have a function ServerCertificateValidationCallback which is used to validate the certificate chain, but here we are using it to access the certificates which we are validating. So, we need to register the callback "ServerCertificateValidationCallback" for our request.

Below is the console code which returns the certificate:

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public class Program
{
    public static void Main(string[] args)
    {
        GetCertificate("https://www.facebook.com", "");
    }

    /// <summary>
    /// Get the certificate chain from a URL and write it to the console
    /// </summary>
    /// <param name="url">URL of website with certificate</param>
    /// <param name="path">Path where you want to store certificate (not used by this sample)</param>
    private static void GetCertificate(string url, string path)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        request.AllowAutoRedirect = false;
        // The callback runs during the TLS handshake and receives the server's chain.
        request.ServerCertificateValidationCallback = ServerCertificateValidationCallback;

        HttpWebResponse response = (HttpWebResponse)request.GetResponse();
        response.Close();
        Console.ReadLine();
    }

    private static bool ServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        foreach (var cert in chain.ChainElements)
        {
            Console.WriteLine(cert.Certificate.FriendlyName);
            Console.WriteLine(ExportToPem(cert.Certificate));
        }

        // Returning true accepts the certificate whatever sslPolicyErrors reports.
        // That is acceptable only for this inspect-and-close sample; code that sends
        // data should return sslPolicyErrors == SslPolicyErrors.None instead.
        return true;
    }

    /// <summary>
    /// Export a certificate to a PEM format string
    /// </summary>
    /// <param name="cert">The certificate to export</param>
    /// <returns>A PEM encoded string</returns>
    public static string ExportToPem(X509Certificate2 cert)
    {
        StringBuilder strBuilder = new StringBuilder();
        strBuilder.AppendLine("-----BEGIN CERTIFICATE-----");
        // Export the DER bytes and wrap the Base64 text at 76 characters.
        strBuilder.AppendLine(Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
        strBuilder.AppendLine("-----END CERTIFICATE-----");
        return strBuilder.ToString();
    }
}
```
Raghvender Kataria
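Added example (not the answerer's code): the question asks for the certificate's public key, so this variant of the callback approach above captures the leaf certificate and prints its public key while keeping the platform's validation verdict instead of returning `true`. The names `ServerKeyInspector` and `FetchLeaf` are hypothetical; the URL is the one used in the answer.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ServerKeyInspector
{
    // Hypothetical helper: returns the leaf certificate the server presented, or null.
    public static X509Certificate2 FetchLeaf(string url)
    {
        X509Certificate2 leaf = null;
        var request = (HttpWebRequest)WebRequest.Create(url);
        request.AllowAutoRedirect = false;
        request.ServerCertificateValidationCallback = (sender, cert, chain, errors) =>
        {
            // Copy the certificate so it stays usable after the callback returns.
            leaf = new X509Certificate2(cert);
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine("chain: " + status.Status + " " + status.StatusInformation);
            // Keep the platform's verdict rather than accepting every certificate.
            return errors == SslPolicyErrors.None;
        };
        try
        {
            using (request.GetResponse()) { }
        }
        catch (WebException ex)
        {
            // HTTP error statuses and rejected handshakes both end up here;
            // leaf is still set if the handshake reached the callback.
            Console.Error.WriteLine("request failed: " + ex.Status);
        }
        return leaf;
    }

    public static void Main()
    {
        X509Certificate2 leaf = FetchLeaf("https://www.facebook.com");
        if (leaf == null) { Console.WriteLine("no certificate received"); return; }
        byte[] publicKey = leaf.GetPublicKey(); // raw public key bytes from the certificate
        using (SHA256 sha = SHA256.Create())
        {
            Console.WriteLine("Subject:    " + leaf.Subject);
            Console.WriteLine("Key type:   " + leaf.PublicKey.Oid.FriendlyName);
            Console.WriteLine("Public key: " + Convert.ToBase64String(publicKey));
            Console.WriteLine("Key SHA256: " + BitConverter.ToString(sha.ComputeHash(publicKey)));
        }
    }
}
```

This reads the server's public key only; as the comments above establish, the browser holds no certificate or private key of its own in an ordinary HTTPS session.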