If you were using OpenSSL, you can print out the entire contents of a certificate. If you load an X.509 (SSL\/TLS) certificate in Scala or Java, you can get specific fields out of the JVM provided libraries, but I find it’s a little confusing to figure out which fields you’re looking for sometimes. Conveniently you can toString the certificate and get the certificate information.<\/p>\n
Here’s an example (this shows the root, intermediate, and final certificates):<\/p>\n
\nval newConn = \n new URL (\"https:\/\/www.garysieling.com\")\n .openConnection\n\nval conn: HttpsURLConnectionImpl = newConn match {\n case httpsConn: HttpsURLConnectionImpl => httpsConn\n case conn => ???\n}\n\nconn.connect\nconn.getContent\n \nprintln (\n conn.getServerCertificateChain\n .map(_.toString)\n .mkString (\"\\n\\n\") \n)\n<\/pre>\nHere’s an example of the sort of thing you get:<\/p>\n
\n[\n Version: V3\n Subject: CN=GeoTrust DV SSL CA - G4, OU=Domain Validated SSL, O=GeoTrust Inc.,\n C=US\n Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11\n\n Key: Sun RSA public key, 2048 bits\n modulus: 281834807105255361629368755650440674348550860753438508599739085968134\n75231546344880350045894173437055655555886160439888904648822836367923132270904881\n29241681462840440982359463411349300256327264194010087250288174239025357278442711\n16311269910687693830650651489860305350318443355101699105221265124922233818987898\n80979250769496606792378963399784109250777930537641284383655829327884051499729615\n68185871033248508910320756151532623737325374487508122767893046575528448678898649\n63230065100582757061919277210623434099944532760019026682195684214096263544309007\n02769582900713409379681959368449710206322670067079355982945992205091\n public exponent: 65537\n Validity: [From: Fri Aug 29 22:24:58 GMT 2014,\n To: Fri May 20 22:24:58 GMT 2022]\n Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US\n SerialNumber: [ 023a78]\n\nCertificate Extensions: 7\n[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false\nAuthorityInfoAccess [\n [\n accessMethod: ocsp\n accessLocation: URIName: http:\/\/g.symcd.com\n]\n]\n\n[2]: ObjectId: 2.5.29.35 Criticality=false\nAuthorityKeyIdentifier [\nKeyIdentifier [\n0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e\n0010: B8 CA CC 4E ...N\n]\n]\n\n[3]: ObjectId: 2.5.29.19 Criticality=true\nBasicConstraints:[\n CA:true\n PathLen:0\n]\n\n[4]: ObjectId: 2.5.29.31 Criticality=false\nCRLDistributionPoints [\n [DistributionPoint:\n [URIName: http:\/\/g.symcb.com\/crls\/gtglobal.crl]\n]]\n\n[5]: ObjectId: 2.5.29.32 Criticality=false\nCertificatePolicies [\n [CertificatePolicyId: [2.16.840.1.113733.1.7.54]\n[PolicyQualifierInfo: [\n qualifierID: 1.3.6.1.5.5.7.2.1\n qualifier: 0000: 16 25 68 74 74 70 3A 2F 2F 77 77 77 2E 67 65 6F .%http:\/\/w\nww.geo\n0010: 74 72 75 73 74 2E 63 6F 6D 2F 72 65 73 6F 75 72 trust.com\/resour\n0020: 63 65 73 2F 63 70 73 ces\/cps\n\n]] ]\n]\n\n[6]: ObjectId: 2.5.29.15 Criticality=true\nKeyUsage [\n Key_CertSign\n Crl_Sign\n]\n\n[7]: ObjectId: 2.5.29.14 Criticality=false\nSubjectKeyIdentifier [\nKeyIdentifier [\n0000: 0B 50 EC 77 EF 2A 9B FF EC 03 A1 0A FF AD C6 E4 .P.w.*..........\n0010: 2A 18 C7 3E *..>\n]\n]\n\n]\n Algorithm: [SHA256withRSA]\n Signature:\n0000: 33 24 D5 90 AA 29 0C 35 B9 2F C3 C7 42 93 C0 C6 3$...).5.\/..B...\n0010: 10 4B 03 08 76 84 10 A2 E0 E7 53 12 27 F2 0A DA .K..v.....S.'...\n0020: 7F 3A DC FD 5C 79 5A 8F 17 74 43 53 B1 D5 D1 5D .:..\\yZ..tCS...]\n0030: 59 B9 A6 84 64 CA F1 3A 0A 59 96 10 BF A9 81 57 Y...d..:.Y.....W\n0040: 8B 5C 87 DC 7F E3 E4 BB 05 7A A0 32 09 13 4E 10 .\\.......z.2..N.\n0050: 81 28 1F 9C 03 62 BC F4 01 B5 29 83 46 07 B9 E7 .(...b....).F...\n0060: B8 5D C8 E9 D1 DD AD 3B F8 34 DB C1 D1 95 A9 91 .].....;.4......\n0070: 18 ED 3C 2C 37 11 4D CC FE 53 3E 50 43 F9 C3 56 ..<,7.M..S>PC..V\n0080: 41 AC 53 9B 6C 05 B2 9A E2 E0 59 57 30 32 B6 26 A.S.l.....YW02.&\n0090: 4E 13 25 CD FA 48 70 0F 75 55 60 11 F5 3B D5 5E N.%..Hp.uU`..;.^\n00A0: 5A 3C 8B 5B 0F 0F 62 42 48 61 85 8B 10 F4 C1 88 Z<.[..bBHa......\n00B0: BF 7F 5F 8A C2 D7 CD 2B 94 5C 1F 34 4A 08 AF EB .._....+.\\.4J...\n00C0: AE 89 A8 48 75 55 95 1D BB C0 9A 01 B9 F4 03 22 ...HuU.........\"\n00D0: 3E D4 E6 52 30 0D 67 B9 C0 91 FD 2D 4C 30 8E BD >..R0.g....-L0..\n00E0: 8C A5 04 91 BB A4 AB 7F 0F D8 6F F0 66 00 C9 A3 ..........o.f...\n00F0: 5C F5 B0 8F 83 E6 9C 5A E6 B6 B9 C5 BC BE E4 02 \\......Z........\n\n]\n<\/pre>\n","protected":false},"excerpt":{"rendered":"If you were using OpenSSL, you can print out the entire contents of a certificate. If you load an X.509 (SSL\/TLS) certificate in Scala or Java, you can get specific fields out of the JVM provided libraries, but I find it’s a little confusing to figure out which fields you’re looking for sometimes. Conveniently you … <\/p>\n