Certificate chain does not include all certificates sent by server in checkServerTrusted
I’ve written a Java service that accepts a hostname/port (protocol agnostic) and responds with the entire certificate chain details, including the acceptable CA names provided by the server. After the application connects and extracts SSL certificate data, it immediately disconnects from the host. I’ve written a custom TrustManager and KeyManager to extract these details.
How do I validate an SSL certificate chain the same way a browser does?
The SSL certificate chains in many web servers out there are improperly configured, missing intermediate certificates.