Display X.509 certificate information from piped input

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for tkdpython from gravatar.com tkdpython

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: tkdpython
  • Tags certificates , tls , x509 , pem , security , pipe , cli
  • Requires: Python >=3.7
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

cert-piper

A command-line tool for displaying X.509 certificate information from piped input.

Pipe any PEM certificate file (or a base64-encoded certificate) into cert-piper and get a rich, colour-coded summary of every certificate in the stream — including validity, key details, SANs, fingerprints, and more.

Features

  • Pipe-friendly — reads from stdin, works naturally with cat, curl, openssl, etc.
  • Batch support — handles PEM bundles with multiple certificates in a single stream
  • Base64 detection — automatically detects and decodes base64-encoded PEM or DER input
  • Rich output — colour-coded expiry status, structured sections, emojis
  • --paging option — scroll through long output with a built-in pager
  • Semver versioning — published to PyPI from git tags via GitHub Actions

Installation

pip install cert-piper

Or install from source:

git clone https://github.com/tkdpython/cert-piper.git
cd cert-piper
pip install -e .

Usage

# Single certificate
cat mycert.pem | cert-piper

# Run as a Python module
cat mycert.pem | python3 -m cert_piper

# PEM bundle (multiple certificates in one file)
cat bundle.pem | cert-piper

# Base64-encoded certificate (auto-detected and decoded)
cat encoded.b64 | cert-piper

# Paged output for large bundles
cat bundle.pem | cert-piper --paging

# Fetch a remote certificate via openssl
openssl s_client -connect example.com:443 -showcerts </dev/null 2>/dev/null | cert-piper

# Show version
cert-piper --version

What It Shows

For each certificate in the stream:

Section Details
Subject Common Name, Organisation, Country, etc.
Issuer Same fields as Subject
Validity Not Before / Not After, days remaining, expiry status (🟢 valid / 🟡 expiring / 🔴 expired)
Public Key Algorithm (RSA / EC / Ed25519 / …), key size, signature algorithm
SANs DNS names, IP addresses, email addresses, URIs
Key Usage Key Usage and Extended Key Usage flags
OCSP / Revocation OCSP URLs, CA Issuers URLs, CRL Distribution Points, OCSP Must-Staple
Fingerprints SHA-256 and SHA-1
Additional Details Serial number, self-signed status, CA flag, path length, Subject/Authority Key IDs

Base64 Detection

If no PEM -----BEGIN CERTIFICATE----- headers are found in the input, cert-piper will automatically attempt to base64-decode the input and retry. This handles:

  • PEM data that has been base64-encoded (e.g. copied from a Kubernetes secret)
  • Raw DER certificate bytes that have been base64-encoded

When base64 decoding is applied a notice is printed:

(base64-encoded input detected and decoded)

Publishing

Releases are published to PyPI automatically when a semver git tag is pushed:

git tag v1.0.0
git push origin v1.0.0

The version is derived from the git tag via setuptools-scm.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for tkdpython from gravatar.com tkdpython

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: tkdpython
  • Tags certificates , tls , x509 , pem , security , pipe , cli
  • Requires: Python >=3.7
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.2.0

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cert_piper-0.1.0.tar.gz (19.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cert_piper-0.1.0-py3-none-any.whl (12.9 kB view details)

Uploaded Python 3

File details

Details for the file cert_piper-0.1.0.tar.gz.

File metadata

  • Download URL: cert_piper-0.1.0.tar.gz
  • Upload date:
  • Size: 19.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for cert_piper-0.1.0.tar.gz
Algorithm Hash digest
SHA256 cc8a0ea10998b7e392c509b150beefbe0fa8cbe47f7aee53616cbf776f99823d
MD5 877326789567feb64eed88f7df6fffb2
BLAKE2b-256 d1a08cdcc88199effde831c6d1f38c345cdf3eecc76501f402911f6accc6505e

See more details on using hashes here.

Provenance

The following attestation bundles were made for cert_piper-0.1.0.tar.gz:

Publisher: publish.yml on tkdpython/cert-piper

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cert_piper-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: cert_piper-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 12.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for cert_piper-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e935d10adfbe073987d9c4e40319fb2b6ad963607077beea10eb286d8659f0c8
MD5 3dfc62ca1e6d689a7383df5f56e1302b
BLAKE2b-256 7258eb3bdda03e94c9ffbeb700161c4e9636d8d861e74889ec5be124546ead96

See more details on using hashes here.

Provenance

The following attestation bundles were made for cert_piper-0.1.0-py3-none-any.whl:

Publisher: publish.yml on tkdpython/cert-piper

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page