ssl expiration date

Czech_Tomasz · August 5, 2023, 10:02am

Hi,

Is it possible to get the SSL certificate expiration date that the XDATA server is using?

I'm thinking that is it possible from inside of the XDATA services method?
The main reason is to check ssl certificate expiration date and warn about this the WebApp user that e.g. for 30 days the certificate will be expired you must import a new valid certificate.

AndrewSimard · August 5, 2023, 9:09pm

Fun question!! Here's a way to check the SSL Certificate of any server, not just whatever XData is running on. Note that I've tried this on Delphi 10.3 using the TNetHTTPClient component. Something similar could also be done with Indy, if that's not available.

Steps:

Drop a TNetHTTPClient component on the form (Unit2.pas in the XData default project).
Set the SecureProtocols property to be just SSL3 and TLS12, or whatever you need.
In the OnValidateServerCertificate event, add something like this.

procedure TMainForm.NetHTTPClient1ValidateServerCertificate(
  const Sender: TObject; const ARequest: TURLRequest;
  const Certificate: TCertificate; var Accepted: Boolean);
begin
  mmInfo.Lines.Add('');
  mmInfo.Lines.Add('Server Certificate Check:');
  mminfo.Lines.add('...Certificate Name: '+certificate.CertName);
  mmInfo.Lines.Add('...Certificate Issuer: '+StringReplace(Certificate.Issuer, chr(10), ' / ', [rfReplaceAll]));
  mmInfo.Lines.Add('...Not Valid Before: '+FormatDateTime('yyyy-MM-dd hh:nn:ss', Certificate.Start)+' UTC');
  mmInfo.Lines.Add('...Not Valid AFter: '+FormatDateTime('yyyy-MM-dd hh:nn:ss', Certificate.Expiry)+' UTC');
  mmInfo.Lines.Add('...Days Remaining: '+IntToStr(DaysBetween(Certificate.Expiry, Now)));
end;

Elsewhere, you can trigger the event above by making a request to the website you want to check

  // Check the expiration date of the SSL certificate
  NetHTTPClient1.Get('https://www.blaugment.com');

The output should be something like the following.

Server Certificate Check:
...Certificate Name: blaugment.com
...Certificate Issuer: US / Let's Encrypt / R3
...Not Valid Before: 2023-07-18 03:12:19 UTC
...Not Valid AFter: 2023-10-16 03:12:18 UTC
...Days Remaining: 71

AndrewSimard · August 5, 2023, 10:21pm

Note that this also makes it easy to add additional SSL checks for other servers that your XData server may depend upon, such as a mail server, for example. Just add another Get call for each server that is of interest, even if it isn't one you control yourself.

Czech_Tomasz · August 8, 2023, 7:36am

Ok ... thx Andrew ... as always I can count on you :)

AndrewSimard · August 8, 2023, 7:37am

Happy to help! Always love a good puzzle

system · August 9, 2023, 7:38am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.