Generate a report of SSL/TLS certificates from a list of endpoints defined in a YAML configuration file
Certilizer
Certilizer is a Python CLI for generating a report of SSL/TLS certificates from multiple endpoints specified in a YAML configuration.
Certificates that will expire within N days (default 90 days, configurable via the --expiry-threshold-in-days flag) are highlighted in yellow. Expired certificates are shown in red, and the remaining certificates are shown in green.
Any error during certificate inspection is included in an error report and highlighted in red.
Installation
pip3 install certilizer
Usage
Create a configuration file, e.g. certilizer.yaml:
---
endpoints:
  - name: Google
    host: google.com
    port: 443
  - name: Apple
    host: apple.com
    port: 443
  - name: Twitter
    host: twitter.com
    port: 443
  - name: Facebook
    host: facebook.com
    port: 443
  - name: Nvidia
    host: nvidia.com
    port: 443
  - name: Microsoft
    host: microsoft.com
    port: 443
  - name: Amazon
    host: amazon.com
    port: 443
  - name: Inexisting
    host: someinexisting.website
    port: 443
  - name: Expired
    host: someexpired.website
    port: 443
    ssl_verify: false
Then run the certilizer CLI, passing the configuration file path:
certilizer --conf-file certilizer.yaml
It will write the log messages to stdout:
[certilizer] INFO Loading configuration file certilizer.yaml...
[certilizer] INFO Retrieving certificate from endpoint google.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint apple.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint twitter.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint facebook.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint nvidia.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint microsoft.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint amazon.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint someinexisting.website:443 ...
[certilizer] ERROR An error occurred: [Errno -2] Name or service not known
[certilizer] INFO Retrieving certificate from endpoint someexpired.website:443 ...
[certilizer] ERROR An error occurred: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid
[certilizer] INFO Generating report using text format...
By default, the certificate and error reports are written to stdout:
Name Endpoint Serial Number Common Name Alternative Names Issuer Expiry Date OCSP CA Issuer CRL Dist Points
--------- ----------------- -------------------- -------------- -------------------- -------------------- ------------------- -------------------- -------------------- --------------------
Facebook facebook.com:443 06A4928C3D26F9659015 *.facebook.com *.facebook.com, *.fa DigiCert Inc (US) - 2023-09-17 23:59:59 http://ocsp.digicert http://cacerts.digic http://crl3.digicert
Apple apple.com:443 0E8AAA2BDAE0D2588F9D apple.com apple.com Apple Inc. (US) - Ap 2023-10-30 20:25:16 http://ocsp.apple.co http://certs.apple.c http://crl.apple.com
Google google.com:443 37E9827AAED77BA210C2 *.google.com *.google.com, *.appe Google Trust Service 2023-11-06 08:16:27 http://ocsp.pki.goog http://pki.goog/repo http://crls.pki.goog
Amazon amazon.com:443 0E59F266F05E2A38079B *.peg.a2z.com amazon.co.uk, uedata DigiCert Inc (US) - 2024-03-22 23:59:59 http://ocsp.digicert http://cacerts.digic http://crl3.digicert
Microsoft microsoft.com:443 3300C2BD1DF0B5A974D0 microsoft.com microsoft.com, s.mic Microsoft Corporatio 2024-06-27 23:59:59 http://oneocsp.micro http://www.microsoft http://www.microsoft
Nvidia nvidia.com:443 0FD72A4984819E27089A nvidia.com nvidia.com, *.nvidia Amazon (US) - Amazon 2024-08-16 23:59:59 http://ocsp.r2m02.am http://crt.r2m02.ama http://crl.r2m02.ama
Twitter twitter.com:443 08A77EDA927285B76DFD twitter.com twitter.com, www.twi DigiCert Inc (US) - 2024-08-19 23:59:59 http://ocsp.digicert http://cacerts.digic http://crl3.digicert
Name Endpoint Error
-------------------- -------------------- --------------------
someinexisting.websi someinexisting.websi [Errno -2] Name or s
Alternatively, the report format can be customised using the --out-format flag, and the report can be written to a file using the --out-file flag:
certilizer --conf-file certilizer.yaml --out-format html --out-file some-certilizer-report.html
If the --out-file arg is not provided, the report will be written to stdout.
The threshold for expiry date can be configured using the --expiry-threshold-in-days flag. By default, this is set to 90 days.
The column size can be set via the --max-col-size flag, which determines how many characters are included for each column value.
The certificate report can also be formatted in JSON or YAML, which is useful for further processing.
JSON:
[
  {
    "Name":"Facebook",
    "Endpoint":"facebook.com:443",
    "Serial Number":"0DDB92187FCE7567449EF61C9628140B",
    "Common Name":"*.facebook.com",
    "Alternative Names":"*.facebook.com, *.facebook.net, *.fbcdn.net, *.fbsbx.com, *.m.facebook.com, *.messenger.com, *.xx.fb",
    "Issuer":"DigiCert Inc (US) - DigiCert Global G2 TLS RSA SHA256 2020 CA1",
    "Expiry Date":1767052799000,
    "OCSP":"http:\/\/ocsp.digicert.com",
    "CA Issuer":"http:\/\/cacerts.digicert.com\/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt",
    "CRL Dist Points":"http:\/\/crl3.digicert.com\/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl, http:\/\/crl4.digicert.com\/DigiCer"
  },
  {
    "Name":"Apple",
    "Endpoint":"apple.com:443",
    "Serial Number":"3B983CAF5477B941342653A584074CBD",
    "Common Name":"apple.com",
    "Alternative Names":"apple.com",
    "Issuer":"Apple Inc. (US) - Apple Public EV Server ECC CA 1 - G1",
    "Expiry Date":1770753015000,
    "OCSP":"http:\/\/ocsp.apple.com\/ocsp03-apevsecc1g101",
    "CA Issuer":"http:\/\/certs.apple.com\/apevsecc1g1.der",
    "CRL Dist Points":"http:\/\/crl.apple.com\/apevsecc1g1.crl"
  },
  ...
]
YAML:
- Alternative Names: '*.facebook.com, *.facebook.net, *.fbcdn.net, *.fbsbx.com, *.m.facebook.com,
    *.messenger.com, *.xx.fb'
  CA Issuer: http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt
  CRL Dist Points: http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl,
    http://crl4.digicert.com/DigiCer
  Common Name: '*.facebook.com'
  Endpoint: facebook.com:443
  Expiry Date: !!python/object/apply:pandas._libs.tslibs.timestamps._unpickle_timestamp
  - 1767052799000000000
  - null
  - null
  - 10
  Issuer: DigiCert Inc (US) - DigiCert Global G2 TLS RSA SHA256 2020 CA1
  Name: Facebook
  OCSP: http://ocsp.digicert.com
  Serial Number: 0DDB92187FCE7567449EF61C9628140B
- Alternative Names: apple.com
  CA Issuer: http://certs.apple.com/apevsecc1g1.der
  CRL Dist Points: http://crl.apple.com/apevsecc1g1.crl
  Common Name: apple.com
  Endpoint: apple.com:443
  Expiry Date: !!python/object/apply:pandas._libs.tslibs.timestamps._unpickle_timestamp
  - 1770753015000000000
  - null
  - null
  - 10
  Issuer: Apple Inc. (US) - Apple Public EV Server ECC CA 1 - G1
  Name: Apple
  OCSP: http://ocsp.apple.com/ocsp03-apevsecc1g101
  Serial Number: 3B983CAF5477B941342653A584074CBD
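The following added example (not part of Certilizer's own code) consumes the JSON report format shown above and re-applies the expiry-threshold classification to a saved report, so a monitoring job can act on it. The function names, the status labels, the inclusive threshold comparison and the reading of "Expiry Date" as epoch milliseconds in UTC are assumptions; the sample input is constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the JSON report above. Only the fields
# used here are included; "Legacy" and "Broken" are made-up entries.
SAMPLE_REPORT = """
[
  {"Name": "Facebook", "Endpoint": "facebook.com:443", "Expiry Date": 1767052799000},
  {"Name": "Apple", "Endpoint": "apple.com:443", "Expiry Date": 1770753015000},
  {"Name": "Legacy", "Endpoint": "legacy.example:443", "Expiry Date": 1735689600000},
  {"Name": "Broken", "Endpoint": "broken.example:443", "Expiry Date": null}
]
"""

EPOCH_MIN = datetime.min.replace(tzinfo=timezone.utc)


def classify(report_json, now, threshold_days=90):
    """Return (name, endpoint, expiry, status) tuples, most urgent first.

    Assumption: "Expiry Date" is epoch milliseconds in UTC, as in the sample.
    """
    rows = []
    for entry in json.loads(report_json):
        raw = entry.get("Expiry Date")
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(raw, bool) or not isinstance(raw, (int, float)):
            rows.append((entry.get("Name"), entry.get("Endpoint"), None, "unknown"))
            continue
        expiry = datetime.fromtimestamp(raw / 1000, tz=timezone.utc)
        if expiry <= now:
            status = "expired"
        elif expiry - now <= timedelta(days=threshold_days):
            status = "expiring"
        else:
            status = "ok"
        rows.append((entry.get("Name"), entry.get("Endpoint"), expiry, status))
    # Entries with no usable date sort first so they are not overlooked.
    rows.sort(key=lambda r: r[2] or EPOCH_MIN)
    return rows


def needs_attention(rows):
    """Names of endpoints that are not comfortably valid."""
    return [name for name, _, _, status in rows if status != "ok"]


if __name__ == "__main__":
    for name, endpoint, expiry, status in classify(SAMPLE_REPORT, datetime.now(timezone.utc)):
        when = expiry.isoformat() if expiry else "n/a"
        print(f"{status:9} {name:10} {endpoint:22} {when}")
```

The YAML output shown above carries a `!!python/object/apply` tag for the expiry date, which `yaml.safe_load` rejects. JSON is therefore the format to consume in pipelines, since loading that YAML needs a loader that constructs arbitrary Python objects.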
Configuration
Configuration properties that should be added to the YAML configuration file:
| Property | Type | Description | Example |
|---|---|---|---|
| endpoints[] | Array | A list of one or more cert endpoints with ... | |
| endpoints[].name | String | The name of the endpoint. | 443 |
| endpoints[].host | String | The cert endpoint host name. | apple.com |
| endpoints[].port | Int | The cert endpoint port number. | 443 |
| endpoints[].ssl_verify | String | Verify SSL when set to true. | true |
Colophon
Build reports:
- Lint report
- Code complexity report
- Unit tests report
- Test coverage report
- Integration tests report
- API Documentation
Related projects:
- Packer Certilizer - Packer builder of machine image for running Certilizer SSL/TLS certificates reporting tool
File details
Details for the file certilizer-2.1.0.tar.gz.
File metadata
- Download URL: certilizer-2.1.0.tar.gz
- Upload date:
- Size: 10.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.12.12 Linux/6.11.0-1018-azure
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 5db12c833d29c2e1ef25d43b50d0d08f5142a4888f4456dd576b1050ed56d662 |
| MD5 | d716b62aae0406cc34ae103cbd91a52a |
| BLAKE2b-256 | 8d854d2917e9a063a5d3f231a4035ce4abe5fc996e53c6015d5ee5e5976c4e74 |
File details
Details for the file certilizer-2.1.0-py3-none-any.whl.
File metadata
- Download URL: certilizer-2.1.0-py3-none-any.whl
- Upload date:
- Size: 12.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.12.12 Linux/6.11.0-1018-azure
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 216cc67e36b1548893cb620e42a5a56ed6872f47d7f4d81c3f19c5c4ac2b1e2d |
| MD5 | 401e330fef3048f3e87436ad421b7a90 |
| BLAKE2b-256 | 8d29f6e3e342fb37d0b71fc8ce93ea937d5796a900073cb97cb8262e3151abb8 |