域名不要带https等协议,可以查出来
using System; using System.Net.Security; using System.Net.Sockets; using System.Security.Authentication; using System.Security.Cryptography.X509Certificates; namespace Demo { class Program { static void Main(string[] args) { var ssl = DownloadSslCertificate("www.baidu.com"); Console.WriteLine($"过期时间{ssl.NotAfter}"); } /// <summary> /// 获取域名证书 /// /// </summary> /// <param name="strDNSEntry">域名www.baidu.com</param> /// <returns></returns> public static X509Certificate2 DownloadSslCertificate(string strDNSEntry) { X509Certificate2 cert = null; using (TcpClient client = new TcpClient()) { //ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3; client.Connect(strDNSEntry, 443); SslStream ssl = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null); try { ssl.AuthenticateAsClient(strDNSEntry); } catch (AuthenticationException e) { ssl.Close(); client.Close(); return cert; } catch (Exception e) { ssl.Close(); client.Close(); return cert; } cert = new X509Certificate2(ssl.RemoteCertificate); ssl.Close(); client.Close(); return cert; } } public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { if (sslPolicyErrors == SslPolicyErrors.None) return true; Console.WriteLine("Certificate error: {0}", sslPolicyErrors); // Do not allow this client to communicate with unauthenticated servers. return false; } } }