Download facebook.com Certificate for Microsoft "certutil" Test

Q

How can I download the server certificate from the Facebook.com Web site? I want a new certificate to try with Microsoft "certutil" commands.

✍: FYIcenter.com

A

The easiest way to download the server certificate from a Web site is to visit the site with Firefox and use the Firefox function to view and save the server certificate, as shown in another tutorial: Export Web Site Server Certificate in Firefox 9

Follow the above tutorial and download the server certificate from https://www.facebook.com/ to a file called "facebook.pem".

Use the following Microsoft "certutil -verify" command to verify the downloaded certificate:

C:\fyicenter>\windows\system32\certutil -verify facebook.pem

Issuer:
    OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
    OU=VeriSign International Server CA - Class 3
    OU=VeriSign, Inc.
    O=VeriSign Trust Network
Subject:
    CN=*.facebook.com
    O=Facebook, Inc.
    L=Palo Alto
    S=California
    C=US
Cert Serial Number: 017f77deb3bcbb235d44ccc7dba62e72

...
--------CERT_CHAIN_CONTEXT --------
...
CertContext[0][0]: dwInfoStatus=104 dwErrorStatus=0
  Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,
OU=VeriSign International Server CA - Class 3,
OU="VeriSign, Inc.", O=VeriSign Trust Network
  NotBefore: 6/20/2012 7:00 PM
  NotAfter: 12/31/2013 6:59 PM
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Palo Alto, S=California,
  C=US
  Serial: 017f77deb3bcbb235d44ccc7dba62e72
  SubjectAltName: DNS Name=*.facebook.com, DNS Name=facebook.com
  ...

CertContext[0][1]: dwInfoStatus=104 dwErrorStatus=0
  Issuer: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  NotBefore: 4/16/1997 7:00 PM
  NotAfter: 10/24/2016 6:59 PM
  Subject: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,
OU=VeriSign International Server CA - Class 3,
OU="VeriSign, Inc.", O=VeriSign Trust Network
  Serial: 46fcebbab4d02f0f926098233f93078f
  ...

CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0
  Issuer: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  NotBefore: 1/28/1996 7:00 PM
  NotAfter: 8/1/2028 6:59 PM
  Subject: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  Serial: 70bae41d10d92934b638ca7b03ccbabf
  ...

Exclude leaf cert:
  ab bb 6d fc 7b 19 83 91 21 3f c6 f6 43 89 2a 0d 95 5d f7 8d
Full chain:
  1b 13 b7 c3 ad f8 be 8f 77 8f 7b 62 29 bf c5 83 ef d3 f7 5c
------------------------------------
Verified Issuance Policies: None
Verified Application Policies:
    1.3.6.1.5.5.7.3.2 Client Authentication
    1.3.6.1.5.5.7.3.1 Server Authentication
Cert is an End Entity certificate
Leaf certificate revocation check passed
CertUtil: -verify command completed successfully.

As you can see from the output, the certificate downloaded from facebook.com is valid: every element of the chain reports dwErrorStatus=0, and the leaf certificate revocation check passed.
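
To read the chain section of this output mechanically, the following added example (not part of the original tutorial and not Microsoft code) decodes the dwInfoStatus and dwErrorStatus values of each CertContext element and checks the validity dates against a chosen time. The function names are hypothetical; it assumes both status values are printed in hexadecimal and that dates use the US-English format shown above. Bit names are the CERT_TRUST_* constants from wincrypt.h with the prefix dropped.

```python
import re
from datetime import datetime
# CERT_TRUST_* bit values from the Windows SDK header wincrypt.h (subset).
ERROR_BITS = {0x1: "IS_NOT_TIME_VALID", 0x4: "IS_REVOKED",
              0x8: "IS_NOT_SIGNATURE_VALID", 0x20: "IS_UNTRUSTED_ROOT",
              0x40: "REVOCATION_STATUS_UNKNOWN", 0x10000: "IS_PARTIAL_CHAIN"}
INFO_BITS = {0x1: "HAS_EXACT_MATCH_ISSUER", 0x2: "HAS_KEY_MATCH_ISSUER",
             0x4: "HAS_NAME_MATCH_ISSUER", 0x8: "IS_SELF_SIGNED",
             0x100: "HAS_PREFERRED_ISSUER"}
# Constructed sample: status and date lines copied from the output above.
SAMPLE = """\
CertContext[0][0]: dwInfoStatus=104 dwErrorStatus=0
  NotBefore: 6/20/2012 7:00 PM
  NotAfter: 12/31/2013 6:59 PM
CertContext[0][1]: dwInfoStatus=104 dwErrorStatus=0
  NotBefore: 4/16/1997 7:00 PM
  NotAfter: 10/24/2016 6:59 PM
CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0
  NotBefore: 1/28/1996 7:00 PM
  NotAfter: 8/1/2028 6:59 PM
"""
HEADER = re.compile(r"CertContext\[\d+\]\[(\d+)\]: dwInfoStatus=([0-9a-f]+) "
                    r"dwErrorStatus=([0-9a-f]+)", re.I)
DATES = re.compile(r"\s*(NotBefore|NotAfter): (.+)")
FMT = "%m/%d/%Y %I:%M %p"  # assumed: certutil date format is locale-dependent

def flags(value, table):
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)  # bits not in the table are kept as hex
    return names + ([f"0x{rest:x}"] if rest else [])

def parse_chain(text):
    chain = []
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:  # a new chain element starts here
            chain.append({"depth": int(h.group(1)),
                          "info": flags(int(h.group(2), 16), INFO_BITS),
                          "errors": flags(int(h.group(3), 16), ERROR_BITS)})
        elif chain and (d := DATES.match(line)):
            chain[-1][d.group(1)] = datetime.strptime(d.group(2).strip(), FMT)
    return chain

def problems(text, when):
    out = []
    for el in parse_chain(text):
        out += [f"element {el['depth']}: {e}" for e in el["errors"]]
        if not el["NotBefore"] <= when <= el["NotAfter"]:
            out.append(f"element {el['depth']}: outside validity period")
    return out
```

For the sample, `parse_chain(SAMPLE)` shows that element 2 differs from the others only by IS_SELF_SIGNED, which marks it as the root. `problems(SAMPLE, datetime(2014, 1, 1))` reports the leaf as outside its validity period, so the result of a chain check depends on when it is run.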

 


2017-04-05