Dump client certificates from SSL to file?

    Dump client certificates from SSL to file?  
Jonas Oholm




 
08-09-04 12:58 PM

Hi,

I'm using the following ASP-page (taken from
http://support.microsoft.com/defaul...kb;en-us;216829) to dump
client certificates from an SSL connection to a file on the webserver. It
worked fine before on an IIS5 but now, using IIS6 it gives me a strange
output. (see at the end of the message).

Here's the code:
<% @Language = VBScript %>
<% Response.Buffer = True %>
<html><head><title>Client Certificate Capture</title></head><body>
<%
'Obtain client name
cname = Request.ClientCertificate("SubjectCN")
'Instantiate the ASP FileSystemObject in order to create a text file
Set fs = Server.CreateObject("Scripting.FileSystemObject")
'Create text file using append mode. The client name is used to create the file name.
'Note: SubjectCN is taken from the client's certificate and goes into the path unvalidated.
Set outStream = fs.OpenTextFile("c:\inetpub\wwwroot\dump\" & cname & ".txt", 8, True)
'Save certificate issuer information to text file
outStream.WriteLine( "# Issuer: " & Request.ClientCertificate("Issuer") )
'Extract certificate subject (user) and account information
'from certificate
su = Request.ClientCertificate( "Subject" )
mx = len(su)
'Replace CR and LF characters in the subject with ";"
for x = 1 to mx
    if mid(su,x,1)=chr(10) or mid(su,x,1)=chr(13) then
        su=left(su,x-1)+";"+right(su,mx-x)
    end if
next
outStream.WriteLine( "# Subject: " & su )
outStream.WriteLine( "# Account: " & Request.ServerVariables("REMOTE_USER"))
'Extract the binary certificate from the request; encode it as Base64 text
uue = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
outStream.WriteLine( "-----BEGIN CERTIFICATE-----" )
cer = Request.ClientCertificate("Certificate")
lcer = len(cer)
l = 0
'Encode three input characters at a time into four Base64 characters
for x = 1 to lcer step 3
    a1 = asc(mid(cer,x,1))
    if x+1 <= lcer then
        a2 = asc(mid(cer,x+1,1))
        if x+2 <= lcer then
            a3 = asc(mid(cer,x+2,1))
        else
            a3 = 0
        end if
    else
        a2 = 0
        a3 = 0
    end if
    outStream.Write mid(uue, (a1 and 252)/4 +1 ,1)
    outStream.Write mid(uue, (a1 and 3)*16 + (a2 and 240)/16 +1 ,1)
    if x+1 <= lcer then
        outStream.Write mid(uue, (a2 and 15)*4 + (a3 and 192)/64 +1 ,1)
        if x+2 <= lcer then
            outStream.Write mid(uue, (a3 and 63) +1 ,1)
        else
            outStream.Write "="
        end if
    else
        outStream.Write "=="
    end if
    'Break the output into lines of 64 characters
    l = l +4
    if l = 64 then
        outStream.WriteLine("")
        l = 0
    end if
next
if l > 0 then
    outStream.WriteLine( "" )
end if
outStream.WriteLine( "-----END CERTIFICATE-----" )
Response.Write "Client certificate information has been received and logged successfully<br>"
%>
</body></html>

And here's the output:
-----BEGIN CERTIFICATE-----
Pz8/Pz9BP34/Pz8/Pz9hPyA/uz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz+vPz8/Pz8/
Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/P7s/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/
Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz9jYQU/jT8/Pz8/
Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/OT8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/BT8/
Pz8/Pz8/Pz8/Pz8/Pz8/YUE/Pz8/Pz8/Pz8gPz8/Pz8/Pz8/Pz8/Pz+7Pz8/TGE/
Pz8/QT8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/P2E/rz8/Pz8/Pz8/Pz8/Pz8/Pz8/
Pz8/Pz8/Pz8/Pz8/Pz8/Kz8/Pz8/Pz8/Pz8/Pz8/Pys/Pz8/Pz8/Pz8/Pz8/Pz8/
Pz8/Pz8/Pz8/Pz8/Pz8/Yz8FP4E/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/
Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz/FPz8/Pz8/Pz8/Pz8/Pz8/
-----END CERTIFICATE-----

Anyone seen and solved this problem?
Best regards,
/Jonas
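
Added example (not part of the original posts, and not Microsoft's code): a Python check for a dumped file like the one above. "Pz8/" is Base64 for "???", while a DER certificate must start with byte 0x30, so the Base64 loop faithfully encoded bytes that were already "?" when Asc() read them. The function names and SAMPLE_DER are hypothetical; lossy() models the damage as a lossy text conversion, which is an assumption.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_body(pem_text):
    """Decode the Base64 body of the first PEM certificate block to bytes."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def der_envelope_ok(raw):
    """True if raw is one ASN.1 SEQUENCE whose length field spans all of raw."""
    if len(raw) < 2 or raw[0] != 0x30:
        return False
    if raw[1] < 0x80:                        # short-form length
        header, length = 2, raw[1]
    else:                                    # long form: next n bytes hold the length
        n = raw[1] & 0x7F
        if n == 0 or len(raw) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(raw[2:2 + n], "big")
    return header + length == len(raw)

def diagnose(raw, threshold=0.5):
    """Return (verdict, share of 0x3F bytes) for a dumped certificate."""
    share = raw.count(b"?") / len(raw) if raw else 0.0
    if der_envelope_ok(raw):
        return "ok", share
    return ("replaced-with-question-marks" if share >= threshold else "not-der"), share

def to_pem(raw):
    """Wrap bytes as PEM with 64-character lines, like the ASP page does."""
    b64 = base64.b64encode(raw).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"

def lossy(raw):
    """Assumed damage model: every byte above 0x7F is replaced by '?'."""
    return raw.decode("ascii", errors="replace").encode("ascii", errors="replace")

# Constructed stand-in, not a real certificate: only the outer DER envelope is modelled.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(128, 256)) * 2
# First 12 Base64 characters of the output quoted in the post above.
POST_PREFIX = base64.b64decode("Pz8/Pz9BP34/")

if __name__ == "__main__":
    for raw in (SAMPLE_DER, lossy(SAMPLE_DER), POST_PREFIX):
        print(diagnose(pem_body(to_pem(raw))))
```

A dump that comes back as "replaced-with-question-marks" holds no recoverable certificate, so any file written in that state has to be captured again once the page reads the bytes correctly.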









    Re: Dump client certificates from SSL to file?  
Rubal Jain




 
08-10-04 12:55 PM

Use the following VBScript.

============================================================================

pathBackTmp = "D:\Backup"

backupSSLcerts()

'Backup SSL certs
Sub backupSSLcerts()
    Set objIIS = GetObject("IIS://" & getComputer() & "/W3SVC")
    'Walk every web site defined under W3SVC
    For Each objweb in objIIS
        If lCase(objweb.Class) = "iiswebserver" Then
            Set iiscertobj = CreateObject("IIS.CertObj")
            iiscertobj.InstanceName = "W3SVC/" & objweb.Name
            On Error Resume Next
            'Export(FileName, Password, bPrivateKey, bCertChain, bRemoveCert):
            'the site comment is used both as the file name and as the .pfx password
            iiscertobj.Export _
                pathBackTmp & "\" & objweb.ServerComment & ".pfx", _
                objweb.ServerComment, _
                true, true, false
            If err.number = 0 Then
                call printLine("Backup SSL Certificate", _
                    objweb.ServerComment & " (" & objweb.Name & ")")
            End If
            err.Clear
            On Error Goto 0
            Set iiscertobj = nothing
        End If
    Next
    Set objIIS = Nothing
End Sub

'Get computer name
Function getComputer()
    Set objNet = WScript.CreateObject("WScript.Network")
    getComputer = objNet.ComputerName
    Set objNet = Nothing
End Function

'Print message line
Function printLine(strLabel, strMessage)
    strLabel = trim(left(strLabel,30))
    strLabel = strLabel & Replace(Space(30-len(strLabel))," ",".")
    WScript.Echo "> " & strLabel & ": " & strMessage
End Function

============================================================================

Regards,

Rubal Jain
http://www.Rubal.Net








    Re: Dump client certificates from SSL to file?  
cmccleary




 
09-02-04 11:45 PM

Jonas, did this help you at all? It seems that this code is only
backing up the server certificate and not placing the client
certificate in a text file.

I am having the exact same problem that you described. Have you had
any success?

Chris








    Re: Dump client certificates from SSL to file?  
Jonas Oholm




 
09-23-04 10:54 PM

Hi Chris,

Nope, I guess Mr. Rubal Jain misunderstood me. I've had no further success.
No one seems to know the answer. I've sent an email to Michel Gallant
who seems to be a clever guy (http://www.jensign.com/) but he hasn't answered
yet.

Regards,
Jonas

"cmccleary" wrote:

> Jonas, did this help you at all? It seems that this code is only
> backing up the server certificate and not placing the client
> certificate in a text file.
>
> I am having the exact same problem that you described. Have you had
> any success?
>
> Chris
>




