ssl.get_server_certificate for sites with SNI (Server Name Indication)

python ssl ssl-certificate sni
vishal picture vishal · Mar 6, 2018 · Viewed 7.6k times · Source

I am trying to get the server certificate of badssl.com subdomains (ex. https://expired.badssl.com).

import ssl
ssl.get_server_certificate(('expired.badssl.com', 443))

But when examining the above generated certificate I see that the certificate has

Identity: badssl-fallback-unknown-subdomain-or-no-sni

which means SNI is failing. How can I get the server certificate of different subdomains of badssl.com? (I am using python 2.7.12)

Answer

vishal picture vishal · Mar 6, 2018

Found the answer.

import ssl
hostname = "expired.badssl.com"
port = 443
conn = ssl.create_connection((hostname, port))
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
sock = context.wrap_socket(conn, server_hostname=hostname)
certificate = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))

Related questions

using requests with TLS doesn't give SNI support

I'm using requests to communicate with a django app but When I try requests.get('https://mysite.com', verify=True) I get the error: hostname 'mysite.com' doesn't match either of '*.myhost.com', 'myhost.com' However, when I look …

Read More
urllib and "SSL: CERTIFICATE_VERIFY_FAILED" Error

I am getting the following error: Exception in thread Thread-3: Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in __bootstrap_inner self.run() File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.…

Read More
"SSL: certificate_verify_failed" error when scraping https://www.thenewboston.com/

So I started learning Python recently using "The New Boston's" videos on youtube, everything was going great until I got to his tutorial of making a simple web crawler. While I understood it with no problem, when I run the …

Read More