https handshake with keystores in Python

Question

I have an web server set up that denies connections without a valid .p12 certificate. I need to access a REST API that is running on the server in a Python script, but I can\'t

Answer 1

The same methods described in the answers to this question, which asks about verifying a server certificate during the HTTPS connection (this is not done at all by default by urllib or httplib) should allow you to specify a client-certificate in addition to the CA certificate lists.

• If you choose the option based on ssl.wrap_socket, pass a cerfile/keyfile parameter as described in the documentation.
• Using PycURL, you should be able to call setopt(pycurl.SSLCERT, "/path/to/cert.pem") and setopt(pycurl.SSLKEY, "/path/to/key.pem"). The option names are based on the SSL and SECURITY OPTIONS section of the cURL documentation (there's an option for the password too).

It's likely that you will have to convert your PKCS#12 (.p12) file into PEM format. To do so:

# Extract the certificate:
openssl pkcs12 -in filename.p12 -nokeys -out certificate.pem

# Extract the private key:
openssl pkcs12 -in filename.p12 -nocerts -out privkey.pem