How to extract x509 in python

Question

I have the following script. It connects to a TLS server and extracts some X509 data such as validity dates and public-key. I have the following script:

import socket, ssl
import OpenSSL

hostname='www.google.com'
port=443

context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = context.wrap_socket(s, server_hostname=hostname)
ssl_sock.connect((hostname, port))
ssl_sock.close()
print("ssl connection Done")

cert = ssl.get_server_certificate((hostname, port))
# OpenSSL
x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
pk = x509.get_pubkey()
print(x509.get_notAfter())
print(x509.get_notBefore())
print(pk)

The problem is that the validity dates and the public-key are returned in unreadable format. How to solve this issue? i.e get the validity in date format and the public-key in hex format?

Also, how can I save the certificate file in my local disk for reference?

EDIT: This is the output I am getting:

b'20170223141600Z' 
b'20161201141600Z' 
<OpenSSL.crypto.PKey object at 0x0000019EBFDF73C8>

I mean I need to print the public-key as hexadecimal number. — user2192774, Dec 15 '16 at 18:55

score 18 · Answer 1 · answered Dec 13 '16 at 12:58

18

The date returned is a YYYYMMDDHHMM formatted date. You can convert it to a datetime object with:

datetime.strptime(x509.get_notAfter().decode('ascii'), '%Y%m%d%H%M%SZ')

answered Dec 13 '16 at 12:58

Alastair McCormack

26,573
8
77
100

Thanks. But to get the point, let me know how to get the public-key and how to save the file locally. – user2192774 Dec 13 '16 at 13:13
The server key **is** the public key. Just write it to a file – Alastair McCormack Dec 13 '16 at 13:15
That's not correct. I want the key in a hex. format. How to convert that format to hex? and I want to save the x509 certificate to a file. – user2192774 Dec 13 '16 at 13:19
ok, it sounds like you you're the expert. What format do you want the key / certificate in? And which encoding? – Alastair McCormack Dec 13 '16 at 14:51
I need the key in hexadecimal foramt and the cert in human readable text format (don't know what type of encoding but need it to be saved in the hard disk fro reference). – user2192774 Dec 13 '16 at 20:19
Like I said, save the server key. Convert it to hex if you wish – Alastair McCormack Dec 15 '16 at 21:16
Thanks. Can you clarify with code how to save the server key? – user2192774 Dec 16 '16 at 14:17
I assume the date timezone is UTC? Am I correct? – Luv33preet May 17 '21 at 12:38
1

@Luv33preet The trailing Z indicates it's Zulu time, aka UTC. According to https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5.2, the date field could contain a timezone offset, so it would probably be best to expect it. – Alastair McCormack May 17 '21 at 21:45

How to extract x509 in python

1 Answers1

Linked