Resolve / obtain the certificate intermediates of a x509 cert
Project description
Python certificate chain resolver
Resolve and obtain the complete certificate chain from the leaf, intermediate(s) to the root of a x509 certificate using the CLI or the python API.
The library provides an easy to use API to access each property of a certificate chain and the important metadata of a certificate. The library also exposes a CLI for resolving and inspecting certificate chains from the command line.
Support
- PKCS7, PEM and DER formats
- LetsEncrypt certificates
- Including the root certificate using the system CA bundle or custom bundle
- Python2 (but not for much longer..)
Installation
$ pip install cert-chain-resolver
CLI Usage
For more options and examples see the read the docs or pass the --help flag.
The bundle gets written to stdout and the chain information to stderr.
from source:
$ python -m cert_chain_resolver.cli --include-root certificate.crt > bundle.crt
$ cat certificate.crt | python -m cert_chain_resolver.cli --include-root > bundle.crt
from PIP
$ cert_chain_resolver --include-root certificate.crt > bundle.crt
1. <Cert common_name="github.com" subject="CN=github.com,O=GitHub\, Inc.,L=San Francisco,ST=California,C=US" issuer="CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US">
2. <Cert common_name="DigiCert SHA2 High Assurance Server CA" subject="CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US" issuer="CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US">
3. <Cert common_name="DigiCert High Assurance EV Root CA" subject="CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" issuer="CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US">
Python API
Make sure to read the documentation for more examples and options.
from cert_chain_resolver.api import resolve
with open('cert.pem', 'rb') as f:
fb = f.read()
chain = resolve(fb)
>>>
for cert in chain:
print(cert)
<Cert common_name="cert-chain-resolver.remcokoopmans.com" subject="CN=cert-chain-resolver.remcokoopmans.com" issuer="CN=R3,O=Let's Encrypt,C=US">
<Cert common_name="R3" subject="CN=R3,O=Let's Encrypt,C=US" issuer="CN=DST Root CA X3,O=Digital Signature Trust Co.">
<Cert common_name="DST Root CA X3" subject="CN=DST Root CA X3,O=Digital Signature Trust Co." issuer="CN=DST Root CA X3,O=Digital Signature Trust Co.">
Dependencies
- cryptography
After cloning the repository
Install dependencies
$ make
Development
bootstrap
$ make
Testing
Unit testing
$ make tests
Re-run tests on file changes:
$ make tests TEST_ARGS="-- -f"
Formatting
$ make format
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file cert_chain_resolver-1.3.0.tar.gz.
File metadata
- Download URL: cert_chain_resolver-1.3.0.tar.gz
- Upload date:
- Size: 15.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 028253c7f64cde2751b46a48bc2d689bf3e4bfe8ef1bc63bc2864c885f69de91 |
|
| MD5 | 840a3c05883c44e8df8984eec0b5b129 |
|
| BLAKE2b-256 | 819f7e2d5e18afa5aeb1226c82c36143a882b06624fdaf9544cfa0253dcd7a3a |
File details
Details for the file cert_chain_resolver-1.3.0-py3-none-any.whl.
File metadata
- Download URL: cert_chain_resolver-1.3.0-py3-none-any.whl
- Upload date:
- Size: 20.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | c4c1d09ae2a9367ea83e334e4b0aeb99549ea8a2f4451914fb3db3ec6fed2428 |
|
| MD5 | a7223bcb3346f52e2703c793ea36091f |
|
| BLAKE2b-256 | 4dd2cc433646764e23432b8fa17fe792f627ea2f96751b34fbe5ee71e58c99a0 |
