Jump to content
PizzaProgram

How to get CER expiring date?

By PizzaProgram, in ICS - Internet Component Suite

Recommended Posts

PizzaProgram    9

PizzaProgram
Posted

Hi, 😉

 

How to get SSL CERTIFICATE expiring date using OpenSSL3 ? 

    SslHttpCli := TSslHttpCli.Create(nil);
    SslContext := TSslContext.Create(nil);
    SslContext.SslCertLines.Text := cer1;   // cer1 is an ansiString ' --- BEGIN CER... '
    endOfLife :=  // ?

 

Share this post

Link to post

PizzaProgram    9

PizzaProgram
Posted

hmmm.... I was happy too soon.

 

These are the results:

  ValidNotAfter = -657434

  ValidNotBefore = 2958466 

  isCertLoaded = False

 

Don't I need to call a procedure for "digesting", before getting these values?

Share this post

Link to post

Angus Robertson    574

Angus Robertson
Posted

The SslCertX509 property is type TX509Base and has methods to load, save and examine the content of the certificate and private key, IsCertLoaded, IsPKeyLoaded and IsInterLoaded say what has been loaded, so in your case nothing because you have not yet called InitContext, only created it in your code snippet.   

 

If you just want to examine a certificate text, load it into a TX509Base object instead with the LoadFromTextEx method which will return any errors. 

 

Angus

Share this post

Link to post

PizzaProgram    9

PizzaProgram
Posted

Thank you very much for the detailed answer!

 

The final code is: 

uses OverbyteIcsWSocket, OverbyteIcsSSLEAY;
...

function get_certificate_expire_date(cerText: string):TDateTime;
var
	X509 : TX509Base ;
	err  : string;
begin
	Result := 0;
	OverbyteIcsSSLEAY.GSSL_DLL_DIR := SS3_path; // if you store the OpenSSL DLL-s somewhere elsewhere
	X509 := TX509Base.Create(nil);
	X509.LoadFromTextEx( cerText, croNo, croTry, '', err  );
	if err = '' then
		Result := X509.ValidNotAfter  // TDateTime
	else
		myLOG( 'Error during getting CER expire:' + CRLF + err );
	X509.Free;
end;

 

Share this post

Link to post

Angus Robertson    574

Angus Robertson
Posted

TX509Base has dozens of methods for loading, saving, and examining certificates, but was never properly documented. 

 

However, virtually all these properties and methods are used in the OverbyteIcsPemtool,dpr sample, also the TSslCertTools derivative that allows creation and signing of certificates.

 

Angus

 

  • Thanks 1

Share this post

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing ICS - Internet Component Suite
×