on 2015 May 15 11:34 AM
Hello all,
How can i get the digital signed certificate string of a website ? or is there a way to compare digital signed certificate strings directly from website.
SQL Anywhere cannot download an HTTPS remote certificate directly. You need to either have it available already and provide it to SQL Anywhere in your SQL scripts or you can optionally download it dynamically with a separate external client (like openssl s_client) and launch the client from SQL Anywhere (e.g. using xp_cmdshell) and then refer to the client's output.
There are examples on how to use openssl s_client
for this purpose elsewhere, but here's a command that worked for myself on Windows:
openssl s_client -showcerts -connect open.sap.com:443 < nul 2> nul | openssl x509 -outform PEM > opensapcom.pem
CREATE OR REPLACE PROCEDURE "DBA"."get_open_sap_com"()
result( "name" varchar(254),"value" long varchar )
url 'https://open.sap.com/'
certificate 'file=c:\\\\temp\\\\opensapcom.pem'
type 'http:get';
CALL get_open_sap_com();
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I have tried your code and get: The secure connection to the remote host failed: The TLS handshake failed, error code 0 SQLCODE -990
I have to use a proxy connection but that seams not to be the problem. This is the Web Client Log
[connid = 6, 05/22 15:07:57.818, PROXY REQUEST]
CONNECT open.sap.com:443 HTTP/1.0
Host: open.sap.com
[connid = 6, 05/22 15:07:57.819, PROXY RESPONSE]
HTTP/1.0 200 Connection established
[connid = 6, 05/22 15:07:57.848, REQUEST]
GET / HTTP/1.0
ASA-Id: 3154dd355b054cd7bcce53b221377cd4
Connection: close
Accept-Charset: windows-1252, UTF-8, *
Date: Fri, 22 May 2015 13:07:57 GMT
User-Agent: SQLAnywhere/16.0.0.2003
Host: open.sap.com
[connid = 6, Error: socket closed by peer]
[connid = 6, socket closed]
The certificate File was generated on a linux host and contains
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIQfxC167KWIoWsPC9AXZWVZzANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE1MDQwODAwMDAwMFoX
DTE3MDQwODIzNTk1OVowdDELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVd1
ZXJ0dGVtYmVyZzERMA8GA1UEBwwIV2FsbGRvcmYxDDAKBgNVBAoMA1NBUDEQMA4G
A1UECwwHb3BlblNBUDEVMBMGA1UEAwwMb3Blbi5zYXAuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQFrcw+txxXP3HL55gCIXFPnyNZxTF2eDQC2
XssoF4BaoGNfl/zZrursTQDJEaepbSmGLbABSuLTkhvEGwGm0VVTjEuD0D8wG4AH
2f8vRxLqOf/GwYKVK1HiVaRL+FLbnbw4LTgViFk1Hmy4JIUIcVQjGyXjlQJ4Tyuz
kyWixbYUyzBYhBcsyHydhC+9h1ovUevqy0T8ZClJ4DHiSVO9rLa6C4C9HdP0l9su
juVRR9Yv05CdKliWAYodSN0ovMjLPPSKCe5yXcWM/ilLMun4eNZcB09qWF4/68sJ
03lHp+bbR8+PK/FtSlxQX/+HOaHK05oZ67gCxhOWu6gSkkUFkQIDAQABo4IBdzCC
AXMwKQYDVR0RBCIwIIIMb3Blbi5zYXAuY29tghB3d3cub3Blbi5zYXAuY29tMAkG
A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYX
aHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9k
LnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8w
KwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYI
KwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYG
CCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0B
AQsFAAOCAQEAOU/gpQE1jpduNeJc9r8RLvzuF8c++8dDL97GlAjOSRnPjqq5FAKt
SHbeMFhSYRTUuMrL2ySoLyblRyWTtYY2IOavNrFBGJ7RtQLcFoDdYjIm1PcgTHQE
M2kUdcReqE9yGgImtVpiv1ESxJbBSIQW/UFPWYRf7tRYaItf7EZJRCmzrxt51Kzg
Ky4QCMI1N4/7hocfZfitqAcK/L3LTisj2K941zo13n3sA9pQM7cm3SUKkMYqz5Jk
sTMchxC/6SCViFa/NI+qiWddcyEMv4q74ezquEJ1/RFGjynQZbYpIO48wYMObWYG
cdc1aYNU/fQWONZQWZ3GP3euL5rK8hYbpQ==
-----END CERTIFICATE-----
The root certificate should be:
You can see this in the regular openssl s_client
output:
1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3
Secure Server CA - G4
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
User | Count |
---|---|
66 | |
11 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.