Any Adobe folks out there know if there is a way to do this, or if perhaps, this may be slated for a future enhancement?
2 people found this helpful
Sure you can do this in CF using Java:
<cfset factory = CreateObject("java", "javax.net.ssl.HttpsURLConnection").getDefaultSSLSocketFactory()>
<cfset socket = factory.createSocket("foundeo.com", JavaCast("int",443))>
<cfset certs = socket.getSession().getPeerCertificates()>
<cfloop from="1" to="#ArrayLen(certs)#" index="i">
<cfset cert = certs[i]>
<cfoutput>#cert.getSubjectDN().getName()# - Valid Until #DateFormat(cert.getNotAfter())#</cfoutput><br />
This works on some SSL certificates, but not on everything. I get a "sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path." error when trying to test any certificates from LetsEncrypt.org (using CF10). I've hit other strange java limitations before and am going to research some non-Java (.Net/Commandline/API) methods.
sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.
We already use "PRTG Network Monitor" to monitor all our services internally & externally. I discovered that they have a "SSL Certificate Sensor" that can show "Days to expiration (with predefined lower warning and error limits)" in addition to seven (7) other metrics.
NOTE: Their free version of PRTG allows 100 sensors "free forever".