问题
I'm trying to use pyOpenSSL to check the expiration of a .pfx file the client will need to use with my application. We issue the cert to the client, and it expires every two years. I know using openssl in the command line works, by converting to a .pem and then running '-noout -enddate' on the resulting .pem file.
There is a good chance the client will not have openssl installed, so I'd like to use the library if possible. How would I check the .pfx expiration date? I've gotten the cert loaded, but have no idea how to A) convert to a .pem file (if I need to) and B) check the expiration on that .pem file (or encoded string).
Thanks!
So far:
import OpenSSL
from OpenSSL.crypto import *
cert_path = 'C:\\Clients\\Omega\\bos.omegaadv.gtssloader.pfx'
p12 = load_pkcs12(open(cert_path, 'rb').read(), 'globallink')
x = p12.get_certificate()
print(OpenSSL.crypto.dump_certificate(FILETYPE_PEM, p12.get_certificate()))
code here
回答1:
You need to convert to x509 after that you can retrieve the expiration date by accessing the property not_valid_after
I use the library cryptography for conversion
try it:
from OpenSSL import crypto
from cryptography import x509
from cryptography.hazmat.backends import default_backend
pkcs12 = crypto.load_pkcs12(open('cert.pfx', "rb").read(), '1234')
pem_data = crypto.dump_certificate(crypto.FILETYPE_PEM, pkcs12.get_certificate())
cert = x509.load_pem_x509_certificate(pem_data, default_backend())
print(cert.not_valid_after)
Output: 2019-08-03 19:35:19
来源:https://stackoverflow.com/questions/29801744/get-pfx-cert-file-expiration-with-pyopenssl