Sample code for 30+ languages & platforms
Tcl

Examine SSL/TLS Server Certificate

See more Socket/SSL/TLS Examples

Demonstrates how an application can examine and check a server's SSL/TLS certificate.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set socket [new_CkSocket]

# Connect to a server.
set useTls 1
set maxWaitMs 2000
set success [CkSocket_Connect $socket "www.intel.com" 443 $useTls $maxWaitMs]
if {$success == 0} then {
    puts [CkSocket_lastErrorText $socket]
    delete_CkSocket $socket
    exit
}

# If we get here, the TLS connection ws made..
# In any SSL/TLS handshake, the server sends its certificate in a TLS handshake message.
# Chilkat will keep it cached within the object that made the connection.
# Get the server's cert and examine a few things.
set cert [new_CkCert]

CkSocket_GetServerCert $socket $cert

puts "Distinguished Name: [CkCert_subjectDN $cert]"
puts "Common Name: [CkCert_subjectCN $cert]"
puts "Issuer Distinguished Name: [CkCert_issuerDN $cert]"
puts "Issuer Common Name: [CkCert_issuerCN $cert]"

puts "Expired: [CkCert_get_Expired $cert]"
puts "Revoked: [CkCert_get_Revoked $cert]"
puts "Signature Verified: [CkCert_get_SignatureVerified $cert]"
puts "Trusted Root: [CkCert_get_TrustedRoot $cert]"

# Sample output:

# Distinguished Name: C=US, ST=California, O=Intel Corporation, CN=*.intel.com
# Common Name: *.intel.com
# Issuer Distinguished Name: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA
# Issuer Common Name: Sectigo RSA Organization Validation Secure Server CA
# Expired: False
# Revoked: False
# Signature Verified: True
# Trusted Root: True

delete_CkSocket $socket
delete_CkCert $cert