To export the TLS certificates which eCargo uses, run the following PowerShell script. This will download and export each certificate in the certificate chain (for both ecargo.co.nz and test.ecargo.co.nz, if they are different) to PEM files in the current working directory.
Note that, according to current security best practices, the server TLS certificates will be renewed and updated regularly and the certificates exported with this script will become outdated.
function ExportCertificationAsPEM($Certificate) {
"-----BEGIN CERTIFICATE-----`r`n" +
"$([Convert]::ToBase64String($Certificate.Export([Security.Cryptography.X509Certificates.X509ContentType]::Cert), [Base64FormattingOptions]::InsertLineBreaks))`r`n" +
"-----END CERTIFICATE-----`r`n"
}
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls
'test.ecargo.co.nz', 'www.ecargo.co.nz' | % {
$webRequest = [Net.WebRequest]::Create("https://$_")
$script:rootCertificate = $null
$webRequest.ServerCertificateValidationCallback = {
param(
[object]$sender,
[Security.Cryptography.X509Certificates.X509Certificate] $certificate,
[Security.Cryptography.X509Certificates.X509Chain] $chain,
[Net.Security.SslPolicyErrors] $sslPolicyErrors
)
$script:rootCertificate = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
return $sslPolicyErrors -eq [Net.Security.SslPolicyErrors]::None
}
$webRequest.GetResponse() | Out-Null
Set-Content -value (ExportCertificationAsPEM $rootCertificate) -Encoding UTF8 -Path "$pwd\$($rootCertificate.GetNameInfo('SimpleName', $false)).pem"
$chain = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Chain
$chain.build($webRequest.ServicePoint.Certificate) | Out-Null
$chain.ChainElements.Certificate | % { Set-Content -value (ExportCertificationAsPEM $_) -Encoding Ascii -Path "$pwd\$($_.GetNameInfo('SimpleName', $false)).pem" }
}
Comments
0 comments
Article is closed for comments.