问题
I've been given a .pem file for authentication on an XML POST API. I would prefer using Python Requests and have found in the documentation that I need to convert the .pem file to a server certification and key. I have been unable to find exactly what Requests needs (what kind of certification).
I've had to do some openssl conversions on files before, but I'm no expert. Can anyone explain what kind of certificate and key is needed by Requests and how I can convert a .pem into those files?
For more context into the Requests documentation please see http://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification
You'll notice a reference to /path/server.crt and /path/key.
回答1:
There's a behaviour of requests (see documentation here) that you can take advantage of here without having to generate a crt or key files.
Let's say you have the pem file here: /path/to/certificate.pem, you can then do:
r = requests.get('https://example.com', verify='/path/to/cetificate.pem')
And it should work perfectly.
回答2:
The path is given as /path/server.crt, but the text reads, "You can also specify a local cert to use as client side certificate, as a single file (containing the private key and the certificate) or as a tuple of both file’s path..."
Since you have been given a PEM file for authentication, it seems that the client is expected to send a CLIENT certificate. You would need a client certificate and client private key.
Look inside that PEM file and you should see the line "-----BEGIN CERTIFICATE-----". Look further, past the "-----END CERTIFICATE----", is there a "-----BEGIN RSA PRIVATE KEY-----"? If so, you have both the certificate and private key in the same text file, and you can just (according to the doc) use the one file. Or, just cut and paste the RSA key part into a separate text file and name that file "key".
来源:https://stackoverflow.com/questions/23705770/python-requests-pem-crt-key