Get .pfx Cert File Expiration with pyOpenSSL

好久不见. 提交于 2021-01-05 12:42:44

问题


I'm trying to use pyOpenSSL to check the expiration of a .pfx file the client will need to use with my application. We issue the cert to the client, and it expires every two years. I know using openssl in the command line works, by converting to a .pem and then running '-noout -enddate' on the resulting .pem file.

There is a good chance the client will not have openssl installed, so I'd like to use the library if possible. How would I check the .pfx expiration date? I've gotten the cert loaded, but have no idea how to A) convert to a .pem file (if I need to) and B) check the expiration on that .pem file (or encoded string).

Thanks!

So far:

import OpenSSL

from OpenSSL.crypto import *
cert_path = 'C:\\Clients\\Omega\\bos.omegaadv.gtssloader.pfx'
p12 = load_pkcs12(open(cert_path, 'rb').read(), 'globallink')
x = p12.get_certificate()

print(OpenSSL.crypto.dump_certificate(FILETYPE_PEM, p12.get_certificate())) 

code here


回答1:


You need to convert to x509 after that you can retrieve the expiration date by accessing the property not_valid_after

I use the library cryptography for conversion

try it:

from OpenSSL import crypto
from cryptography import x509
from cryptography.hazmat.backends import default_backend

pkcs12 = crypto.load_pkcs12(open('cert.pfx', "rb").read(), '1234')
pem_data = crypto.dump_certificate(crypto.FILETYPE_PEM, pkcs12.get_certificate())
cert = x509.load_pem_x509_certificate(pem_data, default_backend())
print(cert.not_valid_after) 

Output: 2019-08-03 19:35:19



来源:https://stackoverflow.com/questions/29801744/get-pfx-cert-file-expiration-with-pyopenssl

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!