Sample code for 30+ languages & platforms
PureBasic

Examine SSL/TLS Server Certificate

See more Socket/SSL/TLS Examples

Demonstrates how an application can examine and check a server's SSL/TLS certificate.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkSocket.pb"
IncludeFile "CkCert.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example assumes the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    socket.i = CkSocket::ckCreate()
    If socket.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Connect to a server.
    useTls.i = 1
    maxWaitMs.i = 2000
    success = CkSocket::ckConnect(socket,"www.intel.com",443,useTls,maxWaitMs)
    If success = 0
        Debug CkSocket::ckLastErrorText(socket)
        CkSocket::ckDispose(socket)
        ProcedureReturn
    EndIf

    ; If we get here, the TLS connection ws made..
    ; In any SSL/TLS handshake, the server sends its certificate in a TLS handshake message.
    ; Chilkat will keep it cached within the object that made the connection.
    ; Get the server's cert and examine a few things.
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkSocket::ckGetServerCert(socket,cert)

    Debug "Distinguished Name: " + CkCert::ckSubjectDN(cert)
    Debug "Common Name: " + CkCert::ckSubjectCN(cert)
    Debug "Issuer Distinguished Name: " + CkCert::ckIssuerDN(cert)
    Debug "Issuer Common Name: " + CkCert::ckIssuerCN(cert)

    Debug "Expired: " + Str(CkCert::ckExpired(cert))
    Debug "Revoked: " + Str(CkCert::ckRevoked(cert))
    Debug "Signature Verified: " + Str(CkCert::ckSignatureVerified(cert))
    Debug "Trusted Root: " + Str(CkCert::ckTrustedRoot(cert))

    ; Sample output:

    ; Distinguished Name: C=US, ST=California, O=Intel Corporation, CN=*.intel.com
    ; Common Name: *.intel.com
    ; Issuer Distinguished Name: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA
    ; Issuer Common Name: Sectigo RSA Organization Validation Secure Server CA
    ; Expired: False
    ; Revoked: False
    ; Signature Verified: True
    ; Trusted Root: True


    CkSocket::ckDispose(socket)
    CkCert::ckDispose(cert)


    ProcedureReturn
EndProcedure