Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What software is sending User-Agent "Test Certificate Info"?

Tags:

user-agent

Google is surprisingly mute on this issue.

In my company's web software error logs, we're seeing multiple individuals with an Apache access log entry that has this in it: ... HTTP/1.1" 500 - "-" "Test Certificate Info"

I have no clue what piece of software this comes from or why it's sending us requests with malformed URLs... but it'd be nice to find out... and perhaps to correct it if it's open source software. :)

(This might be a ServerFault question, but I'm a developer so I figured I'd ask here first.)

like image 945
ckrailo Avatar asked Jun 22 '10 21:06

ckrailo


3 Answers

My guess someone read this and didn't end up changing the example code.

like image 75
Andrew Song Avatar answered Nov 02 '22 13:11

Andrew Song


It's used in some sample code on an MSDN blog for getting SSL cert info. So basically it could be any C++ app which has lifted the code from there, or used that as a basis. Or any other app which happens to use the same UA string, of course.

The point in the sample is just to complete the SSL handshake so it can get certificate info, and it seems to pass in an awful lot of NULLs to HttpOpenRequest, so the error is to be expected and rather inconsequential.

like image 9
Chris Avatar answered Nov 02 '22 12:11

Chris


For those of you that don't want your logs spammed with this script kiddie nonsense, you can add the following filteringRules to your web.config file to block the user agent entirely:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <filteringRules>
          <filteringRule name="Block Bad User Agent" scanUrl="false" scanQueryString="false">
            <scanHeaders>
              <add requestHeader="User-Agent" />
            </scanHeaders>
            <denyStrings>
              <add string="Test Certificate Info" />
            </denyStrings>
          </filteringRule>
        </filteringRules>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
like image 8
Dieter Fortune Avatar answered Nov 02 '22 14:11

Dieter Fortune