11-27
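The code is available in the open-source project: https://github.com/itnotebooks/cert_manage
Following the earlier shell version, here is a Python version that is easier to extend later.
First, import the module we need, pyopenssl:
```python
from urllib3.contrib import pyopenssl as reqs
```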
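Online parsing
Try it out by getting the expiry date:
```python
# Fetch the server certificate as PEM and load it into a pyOpenSSL X509 object
x509 = reqs.OpenSSL.crypto.load_certificate(
    reqs.OpenSSL.crypto.FILETYPE_PEM,
    reqs.ssl.get_server_certificate(('www.itnotebooks.com', 443)))
# notAfter is returned as ASN.1 time bytes (YYYYMMDDhhmmssZ)
x509.get_notAfter()
```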
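Get the issuer
```python
# Organization (O) field of the issuer name
x509.get_issuer().O
```
Get the domain names
```python
# Subject alternative names of the certificate
reqs.get_subj_alt_name(x509)
```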
Offline parsing
```python
# Certificate
cert_pem='''
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgISBDmGq2huHN4wIVzlCOxX68mPMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA5MDgwNjQ2NDNaFw0x
ODEyMDcwNjQ2NDNaMB4xHDAaBgNVBAMTE3d3dy5pdG5vdGVib29rcy5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbDzhYv2yBlOs+5vkvtuCC/LZV
R6/VB53RYDkCOIQ6nSMRET290Q9EDvohZd+xwrRnWIITfnYqzYzt6lpJtCd1dAxs
EocMUEd/G6mx08fm5WBYBF4UExn66PegQGlAr8eZ7CfSIiHKZqBgF46yg0DS4wxy
gGsMBvnyfsPe1Df8iyYQfiowhhox3Z0Z1Kg+BEDZTt/UAF954mu7NS6KSlgjDYAU
IbTurCHcCTwMetoUTIW1Q1PlL70VcRXrk67VHPUs72a2A2vzebRu83GDLbwIAnjK
ca3qOyUzn/S8X8NyejImJF7vZxy5802u3h4r7tIIoe4gsLySqWwhZjKhY9ZjAgMB
AAGjggM7MIIDNzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAZgvMgDWkpX4PBYhRT6
Abz/3HOGMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUF
BwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNy
eXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNy
eXB0Lm9yZy8wPgYDVR0RBDcwNYIeaWRlYS5qZXRicmFpbnMuaXRub3RlYm9va3Mu
Y29tghN3d3cuaXRub3RlYm9va3MuY29tMIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIB
MIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRz
ZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBt
YXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9u
bHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91
bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wggEEBgor
BgEEAdZ5AgQCBIH1BIHyAPAAdgApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTl
RUf0eAAAAWW4JbWbAAAEAwBHMEUCIQDGdRCc/5UYfs50qHZK4wjpuxpQNP1xVU+n
r8VeQ29DtgIgOoLxLKd1e/2/5XmRbYatZuk7465SIWTw2yywfqKPX3wAdgDbdK/u
yynssf7KPnFtLOW5qrs294Rxg8ddnU83th+/ZAAAAWW4JbXRAAAEAwBHMEUCIQCE
5ttHhFBMxTuZRtE+/mkvH0i4kXsb0Zq3vfkmTmtCjQIgOGZPXiV0zosu6fbg6Y4A
dTSbROTfp0MAKweEvnR5wLIwDQYJKoZIhvcNAQELBQADggEBACvvB/FYffctObdn
e0AzPLUWUok4D6gjdiKUiV6qcspuey1KVOyNwa2+MjRYcxsFPPPdNPy9MdYnZ0fA
JRVKCJkwp2Hzq7KrxboWnl8FRtm9a015ifviHMRirfFnNgaldlbAwt+Hs6O8YXo0
Ncu0SFmWp6xtziBNxAvhQt1KHimPvjPcY+2qfKeboKTUnCSP3R/MUcbxoKEib6BR
xmuYtsW3tRJknN1FSvIUkeSyX/gRYMsHqA3x80ctf1mUpsMKH4ay1gNtyZyYvpeI
I3T3RbTluSH6lX4tPxxtuRk+fEjK5VeyY7910Qx5DyWmYinft37z+VZtSklew065
owm6Z+0=
-----END CERTIFICATE-----'''

# Load the PEM text directly; no network connection is needed
x509 = reqs.OpenSSL.crypto.load_certificate(reqs.OpenSSL.crypto.FILETYPE_PEM,cert_pem)
x509.get_issuer()
reqs.get_subj_alt_name(x509)
```
The full list of available methods is below; pick whichever ones fit your needs:
```
'get_issuer',
'get_notAfter',
'get_notBefore',
'get_pubkey',
'get_serial_number',
'get_signature_algorithm',
'get_subject',
'get_version',
'gmtime_adj_notAfter',
'gmtime_adj_notBefore',
'has_expired',
'set_issuer',
'set_notAfter',
'set_notBefore',
'set_pubkey',
'set_serial_number',
'set_subject',
'set_version',
'sign',
'subject_name_hash',
'to_cryptography'
```
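Custom alerts
With the information above you can define your own alert rules, for example alerting 90, 60 and 45 days in advance.
For example, work out how many days remain until expiry and send an email once a given date is reached:
```python
from datetime import datetime, timezone

#Out: datetime.datetime(2018, 12, 7, 6, 46, 43)
notafter = datetime.strptime(x509.get_notAfter().decode()[0:-1], '%Y%m%d%H%M%S')

# notAfter is in UTC (trailing "Z"), so compare against the current UTC time
#Out: datetime.timedelta(9, 75152, 608794)
remain_days = notafter - datetime.now(timezone.utc).replace(tzinfo=None)

# Number of days remaining
remain_days.days
```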
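```python
# Alert on the fixed milestones, then every day once 14 days or fewer remain
if remain_days.days in [90, 60, 45, 30, 15] or remain_days.days <= 14:
    # The message reads "expires in N days"
    result = "将于{}日后到期".format(remain_days.days)
```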
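The 90/60/45-day rule described above, combined with a check that the monitored hostname is actually covered by the certificate's alternative names, as an added example that is not code from the original post or the cert_manage project. It takes inputs in the shapes returned by `x509.get_notAfter()` and `reqs.get_subj_alt_name(x509)`; the function names, the SAN list and the clock value are assumptions made for the illustration.

```python
from datetime import datetime, timezone

ALERT_DAYS = (90, 60, 45, 30, 15)   # milestone thresholds from the rule above
DAILY_BELOW = 14                    # alert every day at or below this


def days_remaining(not_after: bytes, now: datetime) -> int:
    """Whole days until expiry from an ASN.1 time such as b'20181207064643Z'."""
    expiry = datetime.strptime(not_after.decode("ascii"), "%Y%m%d%H%M%SZ")
    expiry = expiry.replace(tzinfo=timezone.utc)  # the trailing Z means UTC
    return (expiry - now.astimezone(timezone.utc)).days


def covers(hostname: str, san: list) -> bool:
    """True if hostname matches a DNS entry; '*' matches one leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    for kind, name in san:
        pattern = name.lower().rstrip(".").split(".")
        if kind != "DNS" or len(pattern) != len(host):
            continue
        if pattern[1:] == host[1:] and pattern[0] in ("*", host[0]):
            return True
    return False


def check(hostname: str, not_after: bytes, san: list, now: datetime) -> list:
    """Return alert messages for one certificate (empty list means no alert)."""
    alerts = []
    if not covers(hostname, san):
        alerts.append(f"{hostname}: not in the certificate's alternative names")
    days = days_remaining(not_after, now)
    if days < 0:
        alerts.append(f"{hostname}: certificate has expired")
    elif days in ALERT_DAYS or days <= DAILY_BELOW:
        alerts.append(f"{hostname}: certificate expires in {days} day(s)")
    return alerts


# Constructed sample data: the notAfter value is the one shown in the output
# above; the SAN list and the clock are made up for the demonstration.
SAN = [("DNS", "bbb.aaa.com"), ("DNS", "*.ccc.aaa.com")]
NOW = datetime(2018, 11, 27, 5, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for host in ("bbb.aaa.com", "aaa.com", "x.ccc.aaa.com"):
        print(host, check(host, b"20181207064643Z", SAN, NOW))
```

Passing `now` explicitly keeps the comparison in UTC and lets the rule be tested against fixed dates before it is wired to a mailer.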
Original blog address: itnotebooks.com
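Why would the certificate information returned not be that of the corresponding website? For example, I want the certificate information for aaa.com, but what comes back is the certificate information for bbb.aaa.com, that is, the subdomain's certificate. Why is that?
Generally, when a certificate is requested for a second-level domain, the top-level domain is included as well. To confirm whether the certificate covers the domain you want, check the list of alternative names in the certificate information.
If I want to get the multiple domain names inside one certificate, how do I view them? 😥 😥 😥
x509.get_subject().CN gets the certificate's primary domain name, and the reqs.get_subj_alt_name(x509) method gets all the alternative domain names under this certificate, that is, all the domain names under the certificate.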