Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Get SSL Certificate from the Windows Cert Store using Python. Associated Blogpost https://blog.darrenjrobinson.com/accessing-the-windows-certificate-store-using-python/
import wincertstore
import base64
import ssl
import os
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.x509.oid import ExtensionOID
# Certificate Name & Thumbprint to look for
certName = 'host.mydomain.com'
thumbPrint = '079d41cbcbe3b9806899638dbd97badd1234567890'
def hex_string_readable(bytes):
return ["{:02X}".format(x) for x in bytes]
if os.name == 'nt':
for storename in ("ROOT", "CA", "MY"):
with wincertstore.CertSystemStore(storename) as store:
for cert in store.itercerts(usage=wincertstore.SERVER_AUTH):
if cert.get_name() == certName:
pem = cert.get_pem()
encodedDer = ''.join(pem.split("\n")[1:-2])
cert_bytes = base64.b64decode(encodedDer)
cert_pem = ssl.DER_cert_to_PEM_cert(cert_bytes)
cert_details = x509.load_pem_x509_certificate(cert_pem.encode('utf-8'), default_backend())
fingerprint = hex_string_readable(cert_details.fingerprint(hashes.SHA1()))
fingerprint_string = ''.join(fingerprint)
if fingerprint_string.lower() == thumbPrint:
print(cert.get_name())
print(" Issuer: ", cert_details.issuer.rfc4514_string())
print(" Thumbprint: ", fingerprint_string.lower())
print(" Subject: ", cert_details.subject.rfc4514_string())
print(" Serial Number: ", hex(cert_details.serial_number).replace("0x",""))
print(" Issued (UTC): ", cert_details.not_valid_before)
print(" Expiry (UTC): ", cert_details.not_valid_after)
san = cert_details.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
names = san.get_values_for_type(x509.DNSName)
print(" SAN(s): ", names)
cert_usages = cert_details.extensions.get_extension_for_oid(ExtensionOID.EXTENDED_KEY_USAGE).value._usages
print(" Usage(s): ", cert_usages)
else:
print("This only works on a Windows System.")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.