IIS Server Security - Dump client certificates from SSL to file?


Author Dump client certificates from SSL to file?
Jonas Oholm

2004-08-09, 7:58 am

Hi,

I'm using the following ASP-page (taken from
http://support.microsoft.com/defaul...kb;en-us;216829) to dump
client certificates from an SSL connection to a file on the webserver. It
worked fine before on an IIS5 but now, using IIS6 it gives me a strange
output (see the end of the message).

Here's the code:
<% @Language = VBScript %>
<% Response.Buffer = True %>
<html><head><title>Client Certificate Capture</title></head><body>
<%
'Obtain client name
'(SubjectCN comes from the client's certificate and is used as-is in the file name below)
cname = Request.ClientCertificate("SubjectCN")
'Instantiate the ASP FileSystemObject in order to create a text file
Set fs = Server.CreateObject("Scripting.FileSystemObject")
'Create text file using append mode. The client name is used to create the file name.
Set outStream = fs.OpenTextFile("c:\inetpub\wwwroot\dump\" & cname & ".txt", 8, True)
'Save certificate issuer information to text file
outStream.WriteLine( "# Issuer: " & Request.ClientCertificate("Issuer") )
'Extract certificate subject (user) and account information
'from certificate
su = Request.ClientCertificate( "Subject" )
mx = len(su)
for x = 1 to mx
  if mid(su,x,1)=chr(10) or mid(su,x,1)=chr(13) then
    su=left(su,x-1)+";"+right(su,mx-x)
  end if
next
outStream.WriteLine( "# Subject: " & su )
outStream.WriteLine( "# Account: " & Request.ServerVariables("REMOTE_USER"))
'Extract the raw certificate data and encode it as Base64, 64 characters per line
uue = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
outStream.WriteLine( "-----BEGIN CERTIFICATE-----" )
cer = Request.ClientCertificate("Certificate")
lcer = len(cer)
l = 0
for x = 1 to lcer step 3
  a1 = asc(mid(cer,x,1))
  if x+1 <= lcer then
    a2 = asc(mid(cer,x+1,1))
    if x+2 <= lcer then
      a3 = asc(mid(cer,x+2,1))
    else
      a3 = 0
    end if
  else
    a2 = 0
    a3 = 0
  end if
  outStream.Write mid(uue, (a1 and 252)/4 +1 ,1)
  outStream.Write mid(uue, (a1 and 3)*16 + (a2 and 240)/16 +1 ,1)
  if x+1 <= lcer then
    outStream.Write mid(uue, (a2 and 15)*4 + (a3 and 192)/64 +1 ,1)
    if x+2 <= lcer then
      outStream.Write mid(uue, (a3 and 63) +1 ,1)
    else
      outStream.Write "="
    end if
  else
    outStream.Write "=="
  end if
  l = l +4
  if l = 64 then
    outStream.WriteLine("")
    l = 0
  end if
next
if l > 0 then
  outStream.WriteLine( "" )
end if
outStream.WriteLine( "-----END CERTIFICATE-----" )
Response.Write "Client certificate information has been received and logged successfully<br>"
%>
</body></html>

And here's the output:
-----BEGIN CERTIFICATE-----
Pz8/Pz9BP34/Pz8/Pz9hPyA/uz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz+vPz8/Pz8/
Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/P7s/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/
Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz9jYQU/jT8/Pz8/
Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/OT8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/BT8/
Pz8/Pz8/Pz8/Pz8/Pz8/YUE/Pz8/Pz8/Pz8gPz8/Pz8/Pz8/Pz8/Pz+7Pz8/TGE/
Pz8/QT8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/P2E/rz8/Pz8/Pz8/Pz8/Pz8/Pz8/
Pz8/Pz8/Pz8/Pz8/Pz8/Kz8/Pz8/Pz8/Pz8/Pz8/Pys/Pz8/Pz8/Pz8/Pz8/Pz8/
Pz8/Pz8/Pz8/Pz8/Pz8/Yz8FP4E/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/
Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz/FPz8/Pz8/Pz8/Pz8/Pz8/
-----END CERTIFICATE-----

Anyone seen and solved this problem?
Best regards,
/Jonas
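
An added diagnostic, not part of the original post or of the Microsoft sample: decoding the dump posted above shows almost every byte is 0x3F ("?") and the DER SEQUENCE tag 0x30 is missing, so the certificate bytes were already replaced with "?" before the Base64 loop ran, which is consistent with a lossy character conversion. The function names and the constructed comparison blob are assumptions of this example.

```python
import base64
import re

# First two Base64 lines of the output posted in the question above.
POSTED_PEM = """-----BEGIN CERTIFICATE-----
Pz8/Pz9BP34/Pz8/Pz9hPyA/uz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz+vPz8/Pz8/
Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/P7s/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/
-----END CERTIFICATE-----"""

# Constructed stand-in for a healthy dump: DER SEQUENCE tag, two-byte
# length 0x0100, then 256 filler bytes. It is not a real certificate.
CONSTRUCTED_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def pem_body(pem):
    """Return the raw bytes between the BEGIN/END CERTIFICATE markers."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def der_length_ok(der):
    """True if der is one ASN.1 SEQUENCE whose length field spans the blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def diagnose(pem):
    """Summarise whether a dumped PEM block still holds DER data."""
    der = pem_body(pem)
    return {
        "bytes": len(der),
        "first_byte": der[:1].hex(),       # "30" for a DER certificate
        "der_length_ok": der_length_ok(der),
        "question_mark_ratio": der.count(0x3F) / len(der) if der else 0.0,
    }


if __name__ == "__main__":
    good = ("-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(CONSTRUCTED_DER).decode()
            + "-----END CERTIFICATE-----")
    print("posted:     ", diagnose(POSTED_PEM))
    print("constructed:", diagnose(good))
```

The length check is only meaningful when the whole dump file is passed in; the posted sample is cut to two lines here and fails on the first byte alone.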

Rubal Jain

2004-08-10, 7:55 am

Use the following VBScript.

==============================================================================

pathBackTmp = "D:\Backup"

backupSSLcerts()

'Backup SSL certs
Sub backupSSLcerts()
  Set objIIS = GetObject("IIS://" & getComputer() & "/W3SVC")
  For Each objweb in objIIS
    If lCase(objweb.Class) = "iiswebserver" Then
      Set iiscertobj = CreateObject("IIS.CertObj")
      iiscertobj.InstanceName = "W3SVC/" & objweb.Name
      On Error Resume Next
      'Export arguments: file name, password, include private key,
      'include certificate chain, remove certificate after export
      iiscertobj.Export _
        pathBackTmp & "\" & objweb.ServerComment & ".pfx", _
        objweb.ServerComment, _
        true, true, false
      If err.number = 0 Then
        call printLine("Backup SSL Certificate", objweb.ServerComment & " (" & objweb.Name & ")")
      End If
      err.Clear
      On Error Goto 0
      Set iiscertobj = Nothing
    End If
  Next
  Set objIIS = Nothing
End Sub

'Get computer name
Function getComputer()
  Set objNet = WScript.CreateObject("WScript.Network")
  getComputer = objNet.ComputerName
  Set objNet = Nothing
End Function

'Print message line
Function printLine(strLabel, strMessage)
  strLabel = trim(left(strLabel,30))
  strLabel = strLabel & Replace(Space(30-len(strLabel))," ",".")
  WScript.Echo "> " & strLabel & ": " & strMessage
End Function
==============================================================================

Regards,

Rubal Jain
http://www.Rubal.Net

cmccleary

2004-09-02, 6:45 pm

Jonas, did this help you at all? It seems that this code is only
backing up the server certificate and not placing the client
certificate in a text file.

I am having the exact same problem that you described. Have you had
any success?

Chris

Jonas Oholm

2004-09-23, 5:54 pm

Hi Chris,

Nope, I guess Mr. Rubal Jain misunderstood me. I've had no further success.
No one seems to know the answer. I've sent an email to Michel Gallant
who seems to be a clever guy (http://www.jensign.com/) but he hasn't answered
yet.

Regards,
Jonas

"cmccleary" wrote:

> Jonas, did this help you at all? It seems that this code is only
> backing up the server certificate and not placing the client
> certificate in a text file.
>
> I am having the exact same problem that you described. Have you had
> any success?
>
> Chris
>

Copyright 2003 - 2008 webservertalk.com