In the process of creating a quick python script to periodically check my clients, the websites are working correctly. One of these checks is to make sure their SSL certificates are current, or to give a warning if their certificate expires.
Ssl packages provide a way to obtain a peer certificate using the SSLSocket.getpeercert () method, but this will only return the certificate if the certificate can be verified. If the CA certificate is not received, verification does not work.
What I want to do is get a peer certificate, even if it cannot be verified, so I can get the information needed to get the correct CA certificate, and perform other checks, such as checking for domain name matches, expiration date is in the right range, etc. Does anyone know how to get this information?
pyCurl and pyOpenSSL look like possible candidates, but could not find an example or get them to return a certificate.
Greetings
source share