When using Kaspersky Anti-Virus Personal Root Certificate, can you view the website's certificate?
... is it possible to view the SSL certificate for the website itself?
You should be able to, but you have to do it outside the browser. For example, here's Google using OpenSSL's s_client
:
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com | openssl x509 -text -noout ... Certificate: Data: Version: 3 (0x2) Serial Number: 3497310530607939837 (0x3088f165e61e80fd) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2 Validity Not Before: Feb 11 11:17:05 2016 GMT Not After : May 11 00:00:00 2016 GMT Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:d4:90:20:6e:c9:e9:f7:1b:ce:57:59:b3:ee:45: 13:e1:e0:d1:7d:68:b2:05:69:c0:e1:0d:77:2c:89: 10:ea:b4:0a:d9:d5:5b:8d:a9:ac:9a:98:2b:b6:33: 1d:ba:53:8b:e0:1a:df:d9:01:fe:83:24:3f:6d:af: 0a:4b:c5:e0:de:75:7e:76:81:19:e0:c4:a8:ae:1f: 09:21:40:31:43:a7:52:d7:53:9c:f2:69:cc:2f:78: ef:39:d8:ad:d4:b2:4b:7d:8c:c5:70:8b:90:c7:48: f9:57:c2:69:85:b9:ba:4b:cb:17:f4:b1:1a:a9:e6: 50:60:ca:78:5a:7a:16:91:44:a9:56:4e:59:0f:93: 0d:23:a1:53:3c:5b:47:38:9d:76:ff:f7:b2:c2:ce: fd:09:d7:49:48:5e:39:fb:71:e8:b8:90:59:44:ed: 85:14:15:a1:4b:67:a7:66:40:3b:04:58:0a:6c:06: aa:df:71:f2:02:74:82:14:ad:4c:98:5a:09:53:82: 1e:40:2b:36:78:7e:31:8e:36:20:c5:c8:59:9a:dd: 8b:8e:24:2b:9e:8d:4f:94:d6:6b:0d:a2:7e:5e:a4: 7d:14:ac:c0:8a:17:5c:7a:c8:00:46:9c:24:75:50: a5:be:ec:51:d1:60:99:2f:6d:94:17:77:ce:63:09: 01:29 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Subject Alternative Name: DNS:www.google.com Authority Information Access: CA Issuers - URI:http://pki.google.com/GIAG2.crt OCSP - URI:http://clients1.google.com/ocsp X509v3 Subject Key Identifier: 4F:C7:02:93:EC:46:43:9C:34:43:03:3E:CB:18:CB:4E:7A:B4:0E:DE X509v3 Basic Constraints: critical CA:FALSE X509v3 Authority Key Identifier: keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.11129.2.5.1 Policy: 2.23.140.1.2.2 X509v3 CRL Distribution Points: Full Name: URI:http://pki.google.com/GIAG2.crl Signature Algorithm: sha256WithRSAEncryption 19:5a:93:63:e9:3b:8a:f2:80:01:70:a9:02:8a:51:84:23:3b: 94:77:9b:4a:e1:38:d4:a1:8c:51:1d:67:79:a1:03:b5:1f:0d: c7:77:d8:52:64:92:55:77:c0:d9:0e:1c:6a:ff:f2:a9:56:04: 66:90:66:ca:e1:21:4a:45:cd:06:09:64:23:58:75:3f:84:23: 7b:d1:c9:bb:d8:b2:d0:4f:f2:4a:09:9d:6e:cf:14:2a:8b:8e: 52:f7:a6:8b:16:14:bc:13:71:e7:b0:50:e8:a0:04:c0:c7:c6: 89:13:67:19:a0:41:da:99:83:48:bb:ed:e3:f5:b4:29:bf:bc: 2b:95:2c:3b:54:ca:cf:5a:df:00:51:47:2d:cd:5a:7d:fb:e0: 15:bf:34:9e:a0:8b:ff:ba:80:57:e0:d3:c5:71:12:df:48:49: 98:13:d1:95:ef:68:b4:f4:50:77:0e:51:3e:98:e5:8f:31:57: a4:6a:8f:73:0b:9d:b4:ec:db:4d:04:c2:6a:ad:ec:5c:ac:02: 3a:0a:c1:96:f3:2a:53:02:f3:7a:19:94:17:80:ff:0f:4e:5d: 19:f4:b9:18:ba:89:dd:62:5d:01:39:da:4a:28:f8:32:39:84: 69:ef:5d:3b:5c:d0:9d:38:10:30:93:7b:2c:ee:0b:a2:9f:e5: 17:0c:cf:81
You can clear the verify error:num=20:unable to get local issuer certificate issue using the -CAfile
option:
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com -CAfile GeoTrust-Root.pem