padlock

If you have a large number of servers, which are configured with SSL/TLS and you are out of track on their certificate validity, now all of sudden you are worried if some of the certificates are expired.

Or if I think in some other scenario where you are required to understand underlying SSL/TLS configuration of your servers e.g. CipherSuits, Protocols, etc.

Yes, in the traditional way, you can get all the information of your SSL/TLS configuration by login into an individual server and check the certificates but it is very difficult if your environment size is very high.

To overcome this problem, I have to build a tool, which will give you all required details.

Source Code:

import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.cert.X509Certificate;

/**
*
* @author sidd
**/

public class SSLFactory_Client {
    public static void main(String[] args){
       String hostname;
       Integer port;
       if(args.length!=2){
           hostname = "google.com";
           port = 443;
       }else{
           hostname = args[0];
           port = Integer.valueOf( args[1]);
       }

       SSLFactory_Client sclient = new SSLFactory_Client();
       SSLContext sslContext = sclient.createSSLContext();
       try {
           SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
           SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(hostname, port);
           sslSocket.startHandshake();
           SSLSession sslSession = (SSLSession) sslSocket.getSession();
            
           System.out.println("SSLSession :");
           System.out.println("\tSessionID: "+  new BigInteger(sslSession.getId()));
           System.out.println("\tProtocol : "+sslSession.getProtocol());
           System.out.println("\tCipher suite : "+sslSession.getCipherSuite());
           System.out.println("\tServer: "+sslSession.getPeerHost());
           System.out.println("\tSSL Port: "+sslSession.getPeerPort());

           System.out.println("\nSupported Protocol :");
           for(int i=0;i<sslSocket.getEnabledProtocols().length;i++){
               System.out.println("\t"+sslSocket.getEnabledProtocols()[i]);
           }

           System.out.println("\nSupported CipherSuites: ");
           for(int j=0;j<sslSocket.getEnabledCipherSuites().length;j++){
               System.out.println("\t"+sslSocket.getEnabledCipherSuites()[j]);
           }

           X509Certificate[] certs = (X509Certificate[]) sslSession.getPeerCertificateChain();
           System.out.println("\nCertificate Chain Info :");
           for (int i =0;i<certs.length;i++){
               System.out.println("\tSubject DN :"+((X509Certificate) certs[i]).getSubjectDN());
               System.out.println("\tIssuer DN  : "+((X509Certificate) certs[i]).getIssuerDN());
               System.out.println("\tSerial No. : "+((X509Certificate) certs[i]).getSerialNumber());
               System.out.println("\tExpires On : "+((X509Certificate) certs[i]).getNotAfter()+"\n");
          }   
       } catch (Exception ex) {
           ex.printStackTrace();
       }
    } 

    private SSLContext createSSLContext(){
       try{
           KeyStore keyStore = KeyStore.getInstance("JKS");
           keyStore.load(new FileInputStream("/opt/jdk1.8.0_102/jre/lib/security/cacerts"),"changeit".toCharArray());        

           // Create key manager
           KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
           keyManagerFactory.init(keyStore, "changeit".toCharArray());
           KeyManager[] km = keyManagerFactory.getKeyManagers();          

           // Create trust manager
           TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
           trustManagerFactory.init(keyStore);
           TrustManager[] tm = trustManagerFactory.getTrustManagers();
          
           // Initialize SSLContext
           SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
           sslContext.init(km,  tm, null);
           return sslContext; 
       } catch (Exception ex){
           ex.printStackTrace();
           return null;
       }
    }
}

Compile the code using javac (e.g. javac SSLFactory_Client .java).

Now, you can execute the program, you need to pass the hostname and port during the execution (e.g java SSLFactory_Client “google.com” 443) and you will get the output something like below.

Output:

Note: This program can also be used for testing two-way SSL/TLS connection.

Last updated: October 20, 2017