Menu
I'm attempting to write an extension which verifies the SHA1 fingerprint of a site's SSL certificate with a third party. However it doesn't seem to be possible to do this either through native JavaScript or Chrome's extension APIs.
I found this question which would seem to do what I want: How can I get the SSL Certificate info for the *current* page in a Firefox Extension
But unfortunately it is only applicable to Firefox. Is there any way to do this in a cross browser compatible way, or even just in Chrome?
757
At the left side of the browser's address bar, click on the lock symbol. In the pop-up dialog box, click Certificate. On the Certificate dialog box, click the Details tab. In the list box on the details page, scroll down until the word Thumbprint is visible in the list and then click Thumbprint.
Click the “Security” icon/tab at the top of the “Page Info” dialog. Click “View Certificate”. Verify that the certificate's name under “Common Name (CN)” exactly matches what this GRC page shows. The SHA1 fingerprint is shown under “Fingerprints”.
To find Just certificate details, click on the menu (⋮) displayed on the top right corner after the browser address bar, now follow More tools >> Developer Tools. Select the Security tab, a second right option with default settings.
Not as of January 2014 (but there are bug reports on file).
Firefox currently only has a way to provide certificate information passively, without any extension API to be able to block a connection that is deemed to have an inappropriate certificate. There's Mozilla Bug #644640 — "Implement extension point for extensions to influence trust decisions in PSM", which is tracking the ability to decline connections.
Chrome, on the other hand, doesn't even let you examine the certificate in the first place; there's Chromium Issue #107793 — "Provide information about the TLS connections to extensions via the webRequest API", which appears to track both the ability to simply examine the certificates in the first place, and also to revoke trust, if needed.
(There's also an earlier Chromium Issue #49469 — "Feature request: Implement Extensions API for accessing information about HTTPS/SSL certificate for web page", but it would seem like Issue #107793 has taken over.)
The draft of Chromium API proposal as linked to Issue 107793 above (note that it's only a draft of the proposed interface, without an actual implementation so far):
188
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
