(Tcl) Get the Server Certificate, Certificate Chain, and Root CA Certificate

Demonstrates how to get the HTTP server certificate, its certificate chain, and the root CA certificate.

Note: This example requires Chilkat v11.0.0 or greater.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

set success 0

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set http [new_CkHttp]

# We're getting the SSL/TLS certificate, so make sure to connect to the SSL/TLS port (443).
set sslCert [new_CkCert]

set success [CkHttp_GetServerCert $http "apple.com" 443 $sslCert]
if {$success == 0} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkHttp $http
    delete_CkCert $sslCert
    exit
}

set certChain [new_CkCertChain]

set success [CkCert_BuildCertChain $sslCert $certChain]
if {$success == 0} then {
    puts [CkCert_lastErrorText $sslCert]
    delete_CkHttp $http
    delete_CkCert $sslCert
    delete_CkCertChain $certChain
    exit
}

set cert [new_CkCert]

set i 0
set numCerts [CkCertChain_get_NumCerts $certChain]
while {$i < $numCerts} {
    CkCertChain_CertAt $certChain $i $cert
    puts "SubjectDN $i: [CkCert_subjectDN $cert]"
    puts "IssuerDN $i: [CkCert_issuerDN $cert]"
    set i [expr $i + 1]
}

# If the certificate chain reaches the root CA cert, then the last cert in the chain
# is the root CA cert.
if {[CkCertChain_get_ReachesRoot $certChain] == 1} then {
    set caCert [new_CkCert]

    CkCertChain_CertAt $certChain [expr $numCerts - 1] $caCert
    puts "CA Root Cert: [CkCert_subjectDN $caCert]"
}


delete_CkHttp $http
delete_CkCert $sslCert
delete_CkCertChain $certChain
delete_CkCert $cert
delete_CkCert $caCert