How to access ssl certificate content using chrome puppeteer

Question

I would like to access certificate details of a url using chrome puppeteer. Is it possible to do it with current puppeteer API?

Answer 1

You can use response.securityDetails() directly on the page.goto if you need the following methods:

• securityDetails.issuer()
• securityDetails.protocol()
• securityDetails.subjectAlternativeNames()
• securityDetails.subjectName()
• securityDetails.validFrom()
• securityDetails.validTo()

E.g. validTo():

const response = await page.goto(url)
const securityDetails = response.securityDetails()
const expiryDate = securityDetails.validTo() * 1000
console.log(new Date(expiryDate))

Output:

Sunday, December 20, 2020

Answer 2

As Grant Miller said, you can access the full DER-encoded certificate using the Chrome DevTools Protocol Network.getCertificate method, instead of just the securityDetails a puppeteer response provices.

page.on('response', async (res) => {
  if (res.securityDetails() != null) {
    console.info(await page._client.send('Network.getCertificate', {origin: res.url()}));
    /*
      { tableNames: [ 'MIIDwTCCAqmgAwIBAgIJALzkRqUOhsraM...' ] }
      Network.getCertificate - Returns the DER-encoded certificate
    */
  }
}

You can then use any node package to parse each certificate from the encoded certificate chain.

Answer 3

Use the below code to get the certificate list. The result can't be read straight forward. Have each entry stored in a file with pem extension with -----BEGIN CERTIFICATE----- at the start of the line -----END CERTIFICATE-----at the end of line.

Link - https://gist.github.com/be9/23101bcd95c289dcb7b0c3ae0eb49525

  const puppeteer = require('puppeteer');

  process.on('unhandledRejection', (reason, p) => {
      console.error('Unhandled Rejection at: Promise ', p, ' reason: ', reason);
      process.exit(3);
  });

(async () => {
    let browser;
    let exitCode = 0;

    try {
        browser = await puppeteer.launch({
            headless: false,
            devtools: true
        });
        const page = await browser.newPage();

        const client = await page.target().createCDPSession();
        await client.send('Network.enable');

        page.on('response', async (res) => {
            if (res.securityDetails() != null) {
                console.info(await page._client.send('Network.getCertificate', {
                    origin: res.url()
                }));
            }
        });

        await page.goto('https://www.chase.com/', {
            waitUntil: 'networkidle2',
            timeout: 3000000
        });
    } catch (e) {
        console.error('Got exception', e);
        exitCode = 1;
    } finally {
        if (browser != null) {
            await browser.close();
        }
        process.exit(exitCode);
    }
})();

Answer 4

You can access the DER-encoded certificate using the Chrome DevTools Protocol Network.getCertificate method:

const certificate = await page._client.send('Network.getCertificate', {
  origin: 'https://example.com/',
});

for (let i = 0; i < certificate.tableNames.length; i++) {
  console.log(certificate.tableNames[i]);
}