Simple script to extract the server cert of a given domain

get_server_cert.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import ssl
import OpenSSL

cert = ssl.get_server_certificate(('google.de', 443))
x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)

print 'Expired: {}'.format(x509.has_expired())
print 'Signature Algorithm: {}\n'.format(x509.get_signature_algorithm())

for item in x509.get_subject().get_components():
    print 'Subject {}: {}'.format(item[0], item[1])

print 'Subject Hash: {}\n'.format(x509.get_subject().hash())

for item in x509.get_issuer().get_components():
    print 'Issuer {}: {}'.format(item[0], item[1])

print 'Issuer Hash: {}\n'.format(x509.get_issuer().hash())

for i in xrange(x509.get_extension_count()):
    print 'Extension {}: {}'.format(x509.get_extension(i).get_short_name(), x509.get_extension(i).__str__())

print '\nPublic Key Bits: {}'.format(x509.get_pubkey().bits())
print 'Public Key Type: {}'.format(x509.get_pubkey().type())
print 'Public Key only public: {}'.format(x509.get_pubkey()._only_public)
print 'Public Key initialized: {}'.format(x509.get_pubkey()._initialized)

aa = x509.get_serial_number()
bb = hex(aa).rstrip('L').lstrip('0x')
print 'Serial Number: {}'.format(x509.get_serial_number())
print 'Serial Number Hex: {}'.format(':'.join(s.encode('hex').upper() for s in bb.decode('hex')))
print 'Serial Number Length: {}\n'.format(x509.get_serial_number().bit_length())

print 'MD5: {}'.format(x509.digest('md5'))
print 'SHA1: {}'.format(x509.digest('sha1'))
print 'SHA224: {}'.format(x509.digest('sha224'))
print 'SHA256: {}'.format(x509.digest('sha256'))
print 'SHA384: {}'.format(x509.digest('sha384'))
print 'SHA512: {}\n'.format(x509.digest('sha512'))

print 'Valid from: {}'.format(x509.get_notBefore())
print 'Valid until: {}'.format(x509.get_notAfter())