My obsession with this new way of hitting the PI server using servlets took new turn when a brilliant colleague of mine wanted me to program a way to get target root certificate without having to ask them for or without running a command on your cloud which is harder to access.

And now get the target server root certificates without getting your local IP white-listed ,in the comfort of your own browser, through PI server. (Of course, your server should be able to access the target)

It takes the URL as a query parameter  and will print out the full chain of certificates and also write the root certificate which you can trust in your keystore  in. CER format

Here is  a sample for google



 

Scroll down to get  X509 Certificate as .CER:



 

Here is the snippet which does the job for you.

To build the servlet you can always refer to SICF on Pi/PO

To enable logging you can refer to  Logging Incoming Requests

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {



		try 

		{

			String url = request.getParameter("url");

			final String LINE_SEPARATOR = System.getProperty("line.separator");

			

			

			HttpsURLConnection connection = (HttpsURLConnection) new URL(null,url,new sun.net.www.protocol.https.Handler()).openConnection();

			connection.setRequestMethod("GET");

			connection.connect();

			

			Certificate[] certs = connection.getServerCertificates();

			for (Certificate cert : certs) {

			 

			  

			  response.getWriter().append("Certificate is : " + cert);

			}

			 

			 if (certs == null || certs.length == 0 || (!(certs[0] instanceof X509Certificate))) {

				    throw new SSLPeerUnverifiedException("No server's end-entity certificate");

				  }

			 

			 X509Certificate x509cert = ((X509Certificate) certs[0]);

			

			 Base64.Encoder encoder = Base64.getMimeEncoder(64, LINE_SEPARATOR.getBytes());

			 String cert_begin = "-----BEGIN CERTIFICATE-----\n";

			 String end_cert = "\n-----END CERTIFICATE-----";

			

			 byte[] derCert = x509cert.getEncoded();

			 

			 String pemCertPre = new String(encoder.encode(derCert));

			 String pemCert = cert_begin + pemCertPre + end_cert;

			 

			 

			 

			 response.getWriter().append("X509 Certificate in encoded form : \n").append(pemCert);

			 

		} catch (Exception e) {

			// TODO Auto-generated catch block

			response.getWriter().append("Exception occured : ").append(e.getMessage() +" :");

			

			e.printStackTrace(response.getWriter());

		}

		

		

	}

 

if the below snippet shows error, on the underlined part , you need to set the access restrictions to Warning as shown in the next picture.



 



The import section:



 

This code was tested by my colleague and for him the formatting did not render properly on Microsoft edge but worked on Firefox and Chrome.

Disclaimer : We are not having this for productive use and so should you.

 

Regards

Fariha