Python两种方式获取SSL证书信息
通过导入证书内容解析证书信息
参考: http://t.zoukankan.com/lmx1002-p-11459610.html
pip install pyOpenSSL python-dateutil
import OpenSSL
from dateutil import parser
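def check_cer(cert_str):
    """Print the main fields of the PEM certificate stored at path ``cert_str``.

    This only *parses* the certificate. Nothing here builds or verifies a
    chain of trust, checks revocation, or matches a hostname, so the printed
    values describe what the file claims and are not a trust decision.

    Args:
        cert_str: Path of a PEM-encoded X.509 certificate file.
    """
    # Read through a context manager so the handle is closed even when the
    # PEM parsing below raises.
    with open(cert_str) as cert_file:
        pem_text = cert_file.read()
    cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem_text)
    # Alternative when the caller already holds the PEM text instead of a path:
    # cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_str)

    subject = cert.get_subject()
    certIssue = cert.get_issuer()
    # get_notBefore()/get_notAfter() return the ASN.1 time as bytes
    # (YYYYMMDDhhmmssZ); dateutil turns it into a datetime.
    datetime_struct_start = parser.parse(cert.get_notBefore().decode("UTF-8"))
    datetime_struct_end = parser.parse(cert.get_notAfter().decode("UTF-8"))

    # OID 2.5.29.17 is subjectAltName. TLS clients match hostnames against
    # these entries, so this list, not the subject CN, is what tells you which
    # names the certificate covers.
    extensions_domain_list = []
    for ext in cert.to_cryptography().extensions:
        if ext.oid.dotted_string == "2.5.29.17":
            extensions_domain_list = [name.value for name in ext.value]

    # The time part uses %M (minutes). The original used %m there, which
    # printed the month number in the minutes position.
    time_format = '%Y-%m-%d %H:%M:%S'

    # subject.CN / certIssue.CN are None when the name has no commonName.
    print("证书域名: ", subject.CN)
    print("颁发机构: ", certIssue.CN)
    # X.509 version field as stored, i.e. zero-based: 2 means an X.509 v3 cert.
    print("证书版本: ", cert.get_version())
    print("开始时间:", datetime_struct_start.strftime(time_format))
    print("到期时间:", datetime_struct_end.strftime(time_format))
    # has_expired() only compares notAfter with the current time; a
    # certificate that is not yet valid is still reported as not expired.
    print("是否过期: ", cert.has_expired())
    # This is the signature algorithm (e.g. sha256WithRSAEncryption), not a
    # cipher negotiated on a connection.
    print("加密算法: ", cert.get_signature_algorithm().decode("UTF-8"))
    print("域名列表: ", extensions_domain_list)
    # To hand the values to a caller instead of printing them:
    # return {
    #     "domain": subject.CN,
    #     "start_date": datetime_struct_start.strftime(time_format),
    #     "expire_date": datetime_struct_end.strftime(time_format),
    #     "issuer": certIssue.CN.encode('UTF-8'),
    #     "tls_version": cert.get_version(),
    #     "encryption": cert.get_signature_algorithm().decode("UTF-8"),
    #     "domain_list": extensions_domain_list
    # }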
# Example run against a certificate file on the author's machine.
check_cer(cert_str="C:\\Users\\Administrator\\Desktop\\TTT\\xx.com\\xx.com.crt")
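# Sample output. The middle field of each timestamp below is the month (05), not the minutes: a `%m` in the time part of a strftime format prints the month, `%M` prints minutes.
# The version value 2 is the zero-based X.509 version field, i.e. an X.509 v3 certificate.
# ```python
# 证书域名: xx.com
# 颁发机构: GoGetSSL RSA DV CA
# 证书版本: 2
# 开始时间: 2022-05-25 00: 05: 00
# 到期时间: 2023-05-25 23: 05: 59
# 是否过期: False
# 加密算法: sha256WithRSAEncryption
# 域名列表: ['x.com', 'a.com', 'b.com']
# ```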
参考修改如下
import OpenSSL
from dateutil import parser
# 可传证书字符串,也可以传入证书文件
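def check_cer(cert_str):
    """Parse a PEM certificate and return ``(ok, info)``.

    ``cert_str`` may be the PEM text itself (``str`` or ``bytes``) or the path
    of a PEM file. A value that contains a PEM header is parsed as text;
    anything else is opened as a file path. Because of that second branch,
    keep caller-controlled input away from this function unless it has
    already been confirmed to be PEM text: a value without a PEM header is
    handed to ``open()``.

    The certificate is only parsed. No chain, revocation or hostname check is
    performed, so a ``True`` result means "this decoded as X.509", not "this
    certificate is trustworthy".

    Args:
        cert_str: PEM certificate text, or the path of a PEM certificate file.

    Returns:
        ``(True, info)`` on success, ``(False, None)`` on any failure.
        ``info`` keys: ``domain`` (subject CN, ``None`` if absent),
        ``start_date`` / ``expire_date`` (``YYYY-mm-dd HH:MM:SS`` strings),
        ``issuer`` (issuer CN as UTF-8 bytes, ``None`` if absent),
        ``tls_version`` (despite the key name, the zero-based X.509 version
        field: 2 means v3), ``encryption`` (signature algorithm name) and
        ``domain_list`` (subjectAltName values).
    """
    try:
        # Decide by content instead of "try to parse, and on any error open
        # the same value as a path": malformed certificate text should fail
        # as a parse error, not be reinterpreted as a filename.
        if isinstance(cert_str, bytes):
            looks_like_pem = b"-----BEGIN" in cert_str
        elif isinstance(cert_str, str):
            looks_like_pem = "-----BEGIN" in cert_str
        else:
            looks_like_pem = False

        if looks_like_pem:
            pem_data = cert_str
        else:
            # Context manager so the handle is closed even if parsing fails.
            with open(cert_str) as cert_file:
                pem_data = cert_file.read()
        cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem_data)

        subject = cert.get_subject()
        certIssue = cert.get_issuer()
        datetime_struct_start = parser.parse(cert.get_notBefore().decode("UTF-8"))
        datetime_struct_end = parser.parse(cert.get_notAfter().decode("UTF-8"))

        # OID 2.5.29.17 is subjectAltName, the list TLS clients match
        # hostnames against.
        extensions_domain_list = []
        for ext in cert.to_cryptography().extensions:
            if ext.oid.dotted_string == "2.5.29.17":
                extensions_domain_list = [name.value for name in ext.value]

        # %M is minutes; the original %m repeated the month in that position.
        time_format = '%Y-%m-%d %H:%M:%S'

        # An issuer without a commonName is legal; report None for it rather
        # than failing the whole parse on None.encode().
        issuer_cn = certIssue.CN
        return True, {
            "domain": subject.CN,
            "start_date": datetime_struct_start.strftime(time_format),
            "expire_date": datetime_struct_end.strftime(time_format),
            "issuer": issuer_cn.encode('UTF-8') if issuer_cn is not None else None,
            "tls_version": cert.get_version(),
            "encryption": cert.get_signature_algorithm().decode("UTF-8"),
            "domain_list": extensions_domain_list
        }
    except Exception:
        # Callers rely on (False, None) for every parse or I/O failure, so the
        # handler stays broad, but KeyboardInterrupt and SystemExit are no
        # longer swallowed as a bare ``except:`` would.
        return False, None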