how to check SSL certificate expiration date programmatically in Java

how to check java certificate expiration date in linux
how to check ssl certificate expiration date in linux
how to check certificate expiration date
how to check ssl certificate expiration date in windows
how to check ssl certificate expire
script to check ssl certificate expiration date and email
how to check ssl certificate expiration date in mq
java read x509 certificate

I need to extract expiration date from SSL certificate on web site in Java,should support both trusted and self-signed certificate,such as: 1.trusted https://github.com 2.self-signed https://mms.nw.ru/

I already copy some code as:

import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class SSLTest {

    public static void main(String [] args) throws Exception {
        // configure the SSLContext with a TrustManager
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
        SSLContext.setDefault(ctx);

        URL url = new URL("https://github.com");//https://mms.nw.ru
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        });
        System.out.println(conn.getResponseCode());
        Certificate[] certs = conn.getServerCertificates();
        for (Certificate cert :certs){
            System.out.println(cert.getType());
            System.out.println(cert);
        }

        conn.disconnect();
    }

    private static class DefaultTrustManager implements X509TrustManager {

        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}

        @Override
        public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }
}

The questions are:

  1. How to parse the expiration date from the certificate, in my code the toString() did output the date,but it is hard to parse.

  2. How to determine the certificate chain, eg, the github certificate with chains 3, how did i know which certificate to get the expiration date from?

How to parse the expiration date from the certificate

Cast it to an X509Certificate and call getNotAfter().

How to determine the certificate chain, eg, the github certificate with chains

You've got it. That's what the Certificate[] array is, as it says in the Javadoc.

How did i know which certificate to get the expiration date from?

Read the Javadoc. "The peer's own certificate first followed by any certificate authorities".

However I don't know why you're doing any of this. Java should already do it all for you.

And please throw away that insecure and incorrect TrustManager implementation. The correct way to handle self-signed certificates is to import them into the client truststore. Please also throw away your insecure HostnameVerifier, and use the default one, or a secure one. Why use HTTPS at all if you don't want it to be secure?

ssl certificate expiry checking using java · GitHub, I need to extract expiration date from SSL certificate on web site in Java,should support both trusted and self-signed certificate,such as:  I need to extract expiration date from SSL certificate on web site in Java,should support both trusted and self-signed certificate,such as: 1.trusted https://github.com 2.self-signed https://mms.n

In Kotlin way, it should look something like this:

fun certInformation(aURL: String) {
    val destinationURL = URL(aURL)
    val conn = destinationURL.openConnection() as HttpsURLConnection
    conn.connect()
    val certs = conn.serverCertificates
    for (cert in certs) {
        println("Certificate is: $cert")
        if (cert is X509Certificate) {
            println(cert.issuerDN.name)
            println(cert.notAfter)
            println(cert.notBefore)
        }
    }
}

Java Code Examples java.security.cert.X509Certificate.checkValidity, i need extract expiration date ssl certificate on web site in java,should support both trusted , self-signed certificate,such as: 1.trusted  My java application uses a keystore file in which I have a certificate which is used in ssl connection with active directory server. What I have to do is to check its expiration date and prompt user if its close to expire. I have to do it while my application starts.

Make sure you append Begin/End lines to PEM format otherwise java does not understand it.

public class CertTest {

    public static final String cert = "-----BEGIN CERTIFICATE-----\n<CERT_DATA>\n-----END CERTIFICATE-----";

    public static void main(String[] args){
        try {
            X509Certificate myCert = (X509Certificate)CertificateFactory
                     .getInstance("X509")
                     .generateCertificate(
                                       // string encoded with default charset
                    new ByteArrayInputStream(cert.getBytes())
                     );
            System.out.println(myCert.getNotAfter());

        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

    }
}

how to check SSL certificate expiration date programmatically in Java -, The result of my work is the SSL Certificate Checker (ssl-cert-check), which is a Bourne shell script that utilizes OpenSSL to check certificate expiration dates. Extract the client certificate from the pkcs12 and print the end date: openssl pkcs12 -in certificate.p12 -clcerts -nodes | openssl x509 -noout -enddate If you do not include the -clcerts option you could get the end date from a CA certificate instead of from your own certificate. Several CA certificates are usually included within your certificate as part of the trust chain.

How to check ssl certificate expiration date in java, Monitor SSL Certificate Expiration dates with Monitoring Studio. website URL. how to check SSL certificate expiration date programmatically in Java (2) How to​  E.g., openssl x509 -checkend 0 -in file.pem will give the output "Certificate will expire" or "Certificate will not expire" indicating whether the certificate will expire in zero seconds. – L S Jan 26 '18 at 15:07

How To Check Ssl Certificate Expiration Date In Java, All digital certificates contain an expiration date which most client and server applications will check before using the certificates contents. If a client or server  Stack Overflow for Teams is a private, secure spot for you and your coworkers to find and share information. Learn more Programmatically determine SSL certificate's expiration date in Ruby

Proactively Handling Certificate Expiration With ssl-cert-check , How do I know when my SSL certificate expires windows? Certificate Chain. An SSL connection succeeds only if the client can trust the server. Let's take a look at how this trust model works. In Chrome, go to google.com and bring up the Developer Tools (F12 on Windows, Cmd+Option+i on Mac).

Comments
  • Google is directing here even though I'm asking for .NET, so I'll just add this link to a C# answer.
  • I had to add conn.connect(); before the for-loop to get this code to work and stop receiving java.lang.IllegalStateException: connection not yet open
  • my application is an monitoring tool which has a function to monitor the SSL expiration date so that customer could be notified when it will expire soon. So i do not care whether the HTTPS is sucure, i just care when it will expire. what do you mean by "Java should already do it all for you."?
  • @Grace I meant that if the certificate(s) have expired it will throw an SSLHandshakeException. It's hard to believe that a simple calendar entry wouldn't accomplish the purpose without writing any Java code at all.
  • thanks for your quick response. It's OK for me to cast from Certificate to X509Certificate. Anyway our programs aim to automatically monitor the expiration date of one certificate and will notify admin if it will expire soon.Our application is a monitoring system just like nagios etc.That's it. You did help very much:)
  • @Grace I see, have fun with it.
  • There is nothing in the question to suggest that Java didn't understand the certificate format.