Skip to content Skip to sidebar Skip to footer
Home / Fingerprinting / Google Chrome Extension / Javascript / Ssl / Ssl Certificate

Get Fingerprint Of Current Page's SSL Certificate In A Chrome Extension

Post a Comment
I'm attempting to write an extension which verifies the SHA1 fingerprint of a site's SSL certificate with a third party. However it doesn't seem to be possible to do this either th

Solution 1:

Not as of January 2014 (but there are bug reports on file).

Firefox

Firefox currently only has a way to provide certificate information passively, without any extension API to be able to block a connection that is deemed to have an inappropriate certificate. There's Mozilla Bug #644640 — "Implement extension point for extensions to influence trust decisions in PSM", which is tracking the ability to decline connections.

Chromium

Chrome, on the other hand, doesn't even let you examine the certificate in the first place; there's Chromium Issue #107793 — "Provide information about the TLS connections to extensions via the webRequest API", which appears to track both the ability to simply examine the certificates in the first place, and also to revoke trust, if needed.

(There's also an earlier Chromium Issue #49469 — "Feature request: Implement Extensions API for accessing information about HTTPS/SSL certificate for web page", but it would seem like Issue #107793 has taken over.)

The draft of Chromium API proposal as linked to Issue 107793 above (note that it's only a draft of the proposed interface, without an actual implementation so far):


Post a Comment for "Get Fingerprint Of Current Page's SSL Certificate In A Chrome Extension"