How to download x509 certificate using python

Question

I need to download servers certificates as DER file. I am using python. I could connect to the server using this script but I need to download the certificate locally in my hard

Answer 1

You can save the DER file with a couple of intermediate transformations:

cert = ssl.get_server_certificate((hostname, port))
x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
der = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, x509)
with open('/tmp/google.der', 'wb') as f: f.write(der)

Answer 2

There is no need to explicitly connect to the server since get_server_certificate will already do this for you. The only thing you need thing you need is to convert the PEM returned by get_server_certificate into the DER you want to have:

import ssl
hostname='www.google.com'
port=443

f = open('cert.der','wb')
cert = ssl.get_server_certificate((hostname, port))
f.write(ssl.PEM_cert_to_DER_cert(cert))