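def obtain_cert_info(self):
    """Connect to ``self.base_url:self.port`` over TLS and print the peer certificate's details.

    The connection uses ``ssl.create_default_context()``, which validates the
    certificate chain and the hostname. A host presenting an expired,
    self-signed or mismatched certificate therefore fails the handshake with
    an ``ssl.SSLError`` before anything is printed.

    Prints the subject and issuer common names, the validity window, the
    MD5/SHA-1/SHA-256 fingerprints of the DER-encoded certificate, the
    negotiated cipher and protocol version, and the serial number.

    Returns:
        None. All output goes to stdout.
    """
    context = ssl.create_default_context()
    # NOTE(review): no timeout is passed, so an unresponsive host blocks for as
    # long as the process-wide socket default allows.
    with socket.create_connection((self.base_url, self.port)) as socket_connection:
        with context.wrap_socket(socket_connection, server_hostname=self.base_url) as server_socket:
            # Decoded certificate as a dict. To dump all of it while debugging:
            # print(json.dumps(cert_info, indent=2, sort_keys=True))
            cert_info = server_socket.getpeercert()
            # Raw DER bytes: the input for the fingerprints below.
            # ssl.DER_cert_to_PEM_cert(der_cert_bin) yields the PEM text if needed.
            der_cert_bin = server_socket.getpeercert(True)

            # 'subject' and 'issuer' are sequences of RDNs, each a tuple of
            # (name, value) pairs; the first pair of every RDN is collected.
            subject = dict(rdn[0] for rdn in cert_info['subject'])
            issuer = dict(rdn[0] for rdn in cert_info['issuer'])
            # A certificate may identify itself only through subjectAltName and
            # carry no commonName, so avoid a KeyError on the lookup.
            issued_to = subject.get('commonName', '<no commonName>')
            issued_by = issuer.get('commonName', '<no commonName>')

            valid_from = cert_info['notBefore']
            valid_to = cert_info['notAfter']
            serial_number = cert_info['serialNumber']

            # MD5 and SHA-1 are collision-prone; they are printed only so the
            # values can be matched against tools that still display them.
            # Use the SHA-256 fingerprint when pinning or comparing certificates.
            thumb_md5 = hashlib.md5(der_cert_bin).hexdigest()
            thumb_sha1 = hashlib.sha1(der_cert_bin).hexdigest()
            thumb_sha256 = hashlib.sha256(der_cert_bin).hexdigest()

            print("issued_to: " + issued_to)
            print("issued_by: " + issued_by)
            print("valid_from: " + valid_from)
            # Fixed: this line previously printed valid_from a second time.
            print("valid_to: " + valid_to)
            print("MD5: " + thumb_md5)
            print("SHA1: " + thumb_sha1)
            print("SHA256: " + thumb_sha256)
            print("cipher: " + str(server_socket.cipher()))
            print("SSL/TLS version: " + server_socket.version())
            print("serial_number: " + serial_number)
            # The ``with`` blocks close both sockets; no explicit close() is needed.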
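def get_num_days_before_expired(hostname: str, port: str = '443'):
    """Return the number of whole days until the TLS certificate served by a host expires.

    Args:
        hostname: Host to connect to; also sent as the SNI server name.
        port: TCP port of the TLS service.

    Returns:
        ``(notAfter - now).days`` as an int, computed in UTC. The value is
        negative once the certificate has expired.

    Security note: the TLS context used here does not verify the certificate
    chain or the hostname, so the certificate that is measured comes from an
    unauthenticated peer. Treat the result as a monitoring signal, not as
    evidence that the host's certificate is trusted.
    """
    # A bare ssl.SSLContext() is deprecated and silently disables verification.
    # The same behaviour is spelled out here so that it is visible in review.
    # NOTE(review): presumably verification is off so that expired or
    # self-signed certificates can still be measured - confirm this is intended.
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    context.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    context.verify_mode = ssl.CERT_NONE
    # NOTE(review): no timeout is passed, so an unresponsive host blocks for as
    # long as the process-wide socket default allows.
    with socket.create_connection((hostname, port)) as sock:
        with context.wrap_socket(sock, server_hostname=hostname) as ssock:
            der_cert = ssock.getpeercert(True)

    # Load the DER bytes directly instead of round-tripping through PEM.
    x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1, der_cert)
    # get_notAfter() returns bytes such as b'YYYYMMDDhhmmssZ'; %z parses the
    # trailing 'Z' as UTC, which gives a timezone-aware datetime.
    cert_expires = datetime.strptime(
        x509.get_notAfter().decode('utf-8'), '%Y%m%d%H%M%S%z')
    num_days = (cert_expires - datetime.now(timezone.utc)).days
    return num_days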