Get SSL certificate from a peer without verification using Python

I am in the process of creating a quick Python script to periodically check that my clients' websites are working correctly. One of these checks is to make sure their SSL certificates are current, or to give a warning if their certificate expires.

The ssl package provides a way to obtain a peer certificate using the SSLSocket.getpeercert() method, but this will only return the certificate if the certificate can be verified. If the CA certificate is not received, verification does not work.

What I want to do is get a peer certificate, even if it cannot be verified, so I can get the information needed to get the correct CA certificate, and perform other checks, such as checking for domain name matches, expiration date is in the right range, etc. Does anyone know how to get this information?

pyCurl and pyOpenSSL look like possible candidates, but I could not find an example or get them to return a certificate.

Greetings

+4
1 answer

Perhaps you can use a shell script to capture certificates, and then use Python to iterate over the certificate output files. Sort of:

$ openssl s_client -connect host:port -showcerts > certfile 

can work. You can also read the documentation for the pyOpenSSL Connection object, which has the get_peer_certificate() method:

http://packages.python.org/pyOpenSSL/openssl-connection.html#l2h-187

I have never used the pyOpenSSL module, but this is probably the best way to save everything in Python.

+3
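An added example, not part of the original question or answer: with verification turned off, `SSLSocket.getpeercert(binary_form=True)` still returns the peer's raw DER certificate, and the same helpers can read the PEM blocks out of a saved `openssl s_client -showcerts` file. The function names are illustrative, and decoding the expiry date assumes the third-party `cryptography` package is installed.

```python
import hashlib
import re
import socket
import ssl
from datetime import datetime, timezone

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def fetch_peer_cert_der(host, port=443, timeout=5.0):
    """Return the server's leaf certificate as DER without validating it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # inspection only; send no data on this socket
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            # getpeercert() returns {} for an unverified peer, but
            # binary_form=True still hands back the raw DER bytes.
            return tls.getpeercert(binary_form=True)


def certs_from_s_client(output):
    """Extract the certificates in `openssl s_client -showcerts` output as DER.

    s_client prints the leaf twice (in the chain and again under
    "Server certificate"), so duplicates are dropped, keeping order.
    """
    ders = [ssl.PEM_cert_to_DER_cert(pem) for pem in PEM_RE.findall(output)]
    return list(dict.fromkeys(ders))


def fingerprint(der):
    """SHA-256 fingerprint, useful for spotting an unexpected certificate change."""
    return hashlib.sha256(der).hexdigest()


def days_until_expiry(der, now=None):
    """Whole days until notAfter; assumes `cryptography` >= 42 is installed."""
    from cryptography import x509
    cert = x509.load_der_x509_certificate(der)
    now = now or datetime.now(timezone.utc)
    return (cert.not_valid_after_utc - now).days


if __name__ == "__main__":
    import sys
    der = fetch_peer_cert_der(sys.argv[1])
    print(fingerprint(der), days_until_expiry(der))
```

A certificate fetched this way has not been authenticated, so treat the fields as a report of what the server presented, not as proof of who it is.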

Source: https://habr.com/ru/post/1345803/