
Check in JavaScript if an SSL Certificate is valid

Is there a way to check in JavaScript if given a host its SSL certificate is valid? (non blocking)

In my case, I want to display: "you can also use https://.." if via JavaScript I can make a request to https://my_url without being asked to accept an untrusted certificate.

Can this be done asynchronously?

MB. asked Apr 11 '10 22:04




2 Answers

Take a look here: https://support.mozilla.org/pl/questions/923494

<img src="https://the_site/the_image" onerror="redirectToCertPage()">

This solution is tested and working in current versions of FF and Chrome (as of 2022):

<script> var sslCertTrusted = false; </script>
<!-- If the certificate is not trusted, this script fails to load and the flag stays false -->
<script src="https://example.com/ssltest.js"></script>
<script>
    if (!sslCertTrusted)
    {
        alert('Sorry, you need to install the certificate first.');
        window.location.replace('http://example.com/cert_install_instructions/');
    }
    else
    {
        // alert('Redirecting to secure connection')
        window.location.replace('https://example.com/');
    }
</script>

You of course need to make your web server return this code under the URL https://example.com/ssltest.js:

sslCertTrusted = true;

I'm not exactly sure about the details. But I've seen similar technology used to detect adblocking etc. You may need to piggyback on the window object maybe, if the variable can't be modified by another script, but generally making the above proof of concept work is left as an exercise to the reader.

Tomasz Gandor answered Oct 06 '22 13:10
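
An asynchronous variant of the check, for the non-blocking case the question asks about (an added example, not code from either answer). It swaps the script tag for `fetch` in `no-cors` mode; the function names and the fake fetch stand-ins are assumptions made for illustration.

```javascript
// Added example; probeHttps, offerHttps and the fake* helpers are hypothetical names.

// Resolves true when `url` loads over HTTPS without a network-level error,
// false on any failure (untrusted certificate, DNS error, refused
// connection) or when `timeoutMs` elapses. Never blocks the page.
async function probeHttps(url, { fetchImpl = globalThis.fetch, timeoutMs = 5000 } = {}) {
  if (new URL(url).protocol !== 'https:') {
    throw new TypeError('probeHttps expects an https: URL');
  }
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  try {
    // 'no-cors' allows a cross-origin probe without CORS headers; the
    // response is opaque, and only fulfilment vs. rejection matters here.
    await fetchImpl(url, { mode: 'no-cors', cache: 'no-store', signal: controller.signal });
    return true;
  } catch {
    return false;
  } finally {
    clearTimeout(timer);
  }
}

// Calls `show` with the hint text only when the probe succeeded.
async function offerHttps(url, show, options) {
  const ok = await probeHttps(url, options);
  if (ok) show(`You can also use ${url}`);
  return ok;
}

// Constructed stand-ins for the browser's fetch, so the logic runs offline.
const fakeTrusted = async () => ({ type: 'opaque' });
const fakeUntrusted = async () => { throw new TypeError('Failed to fetch'); };
const fakeHang = (url, { signal }) => new Promise((resolve, reject) => {
  signal.addEventListener('abort', () => reject(new Error('aborted')));
});
```

A `false` result does not distinguish an untrusted certificate from any other network failure. On a page served over plain HTTP the result is a display hint only, since the probing script itself arrives unauthenticated.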


What I've found up to now - it is possible with Firefox, don't know yet about other browsers:

https://developer.mozilla.org/En/How_to_check_the_security_state_of_an_XMLHTTPRequest_over_SSL

Zrin answered Oct 06 '22 11:10