Python: reading a pkcs12 certificate with pyOpenSSL.crypto

nemesisdesign picture nemesisdesign · Jun 14, 2011 · Viewed 28.8k times · Source

I have a valid certificate issued by the spanish authority (FNMT) and I want to play with it to learn more about it. The file has extension .p12

I would like to read the information in it (first and last name) and check if the certificate is valid. Is it possible to do that with pyOpenSSL? I guess I have to use the crypto module in OpenSSL. Any help or useful link? Trying reading here: http://packages.python.org/pyOpenSSL/openssl-crypto.html but not much information :-(

Answer

user257111 picture user257111 · Jun 14, 2011

It's fairly straight-forward to use. This isn't tested, but should work:

# load OpenSSL.crypto
from OpenSSL import crypto

# open it, using password. Supply/read your own from stdin.
p12 = crypto.load_pkcs12(open("/path/to/cert.p12", 'rb').read(), passwd)

# get various properties of said file.
# note these are PyOpenSSL objects, not strings although you
# can convert them to PEM-encoded strings.
p12.get_certificate()     # (signed) certificate object
p12.get_privatekey()      # private key.
p12.get_ca_certificates() # ca chain.

For more examples, have a look through the unit test code of pyopenssl. Pretty much every way you might want to use the library is there

See also here or without adverts here.