如何在python中获取证书颁发者信息？

Question

我希望在python中从证书中"发出"信息.我尝试使用SSL和SSLSocket库,但没有发生.

Answer 1

更新的答案

如果可以建立与远程服务器的连接,则可以使用ssl标准库模块:

import ssl, socket

hostname = 'google.com'
ctx = ssl.create_default_context()
s = ctx.wrap_socket(socket.socket(), server_hostname=hostname)
s.connect((hostname, 443))
cert = s.getpeercert()

subject = dict(x[0] for x in cert['subject'])
issued_to = subject['commonName']
issuer = dict(x[0] for x in cert['issuer'])
issued_by = issuer['commonName']

>>> issued_to
u'*.google.com'
>>> issued_by
u'Google Internet Authority G2'

原始答案

使用pyOpenSSL.

from OpenSSL import crypto

cert_file = '/path/to/your/certificate'
cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(cert_file).read())
subject = cert.get_subject()
issued_to = subject.CN    # the Common Name field
issuer = cert.get_issuer()
issued_by = issuer.CN

您还可以访问其他组件,例如组织(subject.O/ issuer.O),组织单位(subject.OU/ issuer.OU).

您的证书文件可能采用其他格式,因此您可以尝试crypto.FILETYPE_ASN1代替crypto.FILETYPE_PEM.