I know we can retrieve the SSL cert with
openssl s_client -connect host:port command. Is there any way to find out the file system location of the cert that was used by the process handling the SSL traffic? Am I being very unreasonable?
- 2I doubt that's possible: leaking this information could be a security risk.janos– janos2016-12-25 19:46:00 +00:00Commented Dec 25, 2016 at 19:46
- 1It would depend on the service itself being awfully badly designed. If you do encounter one, you should file a major bug report.Julie Pelletier– Julie Pelletier2016-12-25 19:47:06 +00:00Commented Dec 25, 2016 at 19:47
- Could it be that you meant the location of the CA certificates?phk– phk2016-12-25 20:12:14 +00:00Commented Dec 25, 2016 at 20:12
- 1I'm voting to close this question as off-topic because what the OP asked for is simply not intended by design, nor is it really related to U&L.countermode– countermode2016-12-26 18:13:34 +00:00Commented Dec 26, 2016 at 18:13
- 2@countermode The fact that it's impossible doesn't invalidate the question or make it off-topic. “It's impossible” (with explanation) is the proper answer.Gilles 'SO- stop being evil'– Gilles 'SO- stop being evil'2016-12-26 22:00:49 +00:00Commented Dec 26, 2016 at 22:00
| Show 3 more comments
1 Answer
No, you can't get that information. It's none of the TLS client's business. It's purely up to the server how and where it loads its certificate (and private key) from. It might not even come from a file on a filesystem but from, say, an HSM.
- In some cases. including an IPS DLP or similar interceptor, the cert may be created on the fly and not ever stored anywhere.dave_thompson_085– dave_thompson_0852016-12-27 08:21:18 +00:00Commented Dec 27, 2016 at 8:21