This is a quick little post about how I realised that there’s a nice and easy way to view detailed information about a web certificate available to most sensible people: Firefox
TL;DR: code
This is a built-in feature of firefox: click on the little padlock icon in the address bar when visiting any website using TLS, select the view cert info and a new tab will open displaying info about the cert. It’s pretty nice, they’ve moved away from the old menu-window interface and turned it into an actual web-rendered page. This has a few benefits:
It looks nice.
You can easily read all the info that can be contained in a cert, instead of it all being cramped in a little system window.
There’s, technically, an API interface to this.
Now, the last one is an odd one, but it’s actually the reason that I wanted to write this post. You see, I’ve been working a lot with the provisioning of keys & certs for infrastructure as of late, and it has lead to me needing to check the contents of certificates a fair bit to make sure they have the right information. This is easy once you have your infrastructure set up and everything works and you can connect to the bloody thing to check the cert by simply visiting the url, but that leaves you a bit out of luck when you’re not quite there yet. Or, as I found myself, when you’re debugging and testing scripting that you’re writing to try and automate this cert generation process. The only option available to me here was to either use openssl to parse the cert and decipher the output from the console, or go hunting for a new 3rd-party tool to render all the details in a more human-readable manner.
This is what lead me to my realisation: when firefox is displaying the cert, it’s doing so by simply parsing the base64 encoded certificate from the url of the page. This means that we can use firefox’s nice web-rendery view (yaaay, it’s already installed) to view certs stored locally. As such I wrote up the smallest Python script i could to read these files in a much nicer way*. I love automating the little things like this, it’s the best way to keep up productivity.
#!/usr/bin/python3
import os
import sys
import urllib.parse
if len(sys.argv) < 2:
raise ValueError('Need to pass file paths in as args.')
for arg in sys.argv[1:]:
with open(arg) as f:
lines = [
line.strip() for line in f if not line.startswith('---')
]
param = urllib.parse.quote(''.join(lines), safe='')
os.system("/Applications/Firefox.app/Contents/MacOS/firefox about:certificate?cert={}".format(param))
*caveat: Due to the file path used, this will only work on MacOS . That said, it would be trivial to switch the paths out to your system’s one, the executable should take the same arg.