这是一篇不起波澜的工作记录,一些地方简略因为涉及到公司信息
工作中需求是获取证书信息和保存私钥以及证书内容,所以这里除了验证之外没有类似新增等操作,基本是查询证书信息以及私钥和证书内容的
证书+私钥
ci = """-----BEGIN CERTIFICATE-----
MIICgTCCAeoCCQCGpOdLwJg92zANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC
Y24xCzAJBgNVBAgMAmhuMQswCQYDVQQHDAJ6ejEVMBMGA1UECgwMY29tbGVhZGVy
LmNuMRYwFA....lV+XVQjw....Y19FvVOS23/x
DDCY0xhHb2M2WSmgzBWY2Txsz5Sqr6yRROtc1Ja3zUAhWd+iGCfCms4cOWWdNb04
S1QNRwI9Z5MmPs1V4i7xl5BHtycQ
-----END CERTIFICATE-----
"""
from OpenSSL import crypto
pem = crypto.load_certificate(crypto.FILETYPE_PEM, ci.encode('utf-8'))
sj = pem.get_subject()
# 证书信息读取
print(sj.get_components())
print(sj.CN)
print(pem.get_signature_algorithm())
print(pem.get_notAfter().decode('utf-8'))
print(pem.get_notBefore().decode('utf-8'))
print(pem.has_expired())
p12格式
p12 = crypto.load_pkcs12(open('./client.p12', 'rb').read(), 'cert passwd')
cer = p12.get_certificate()
pkey = p12.get_privatekey()
ca_cer = p12.get_ca_certificates()
# p12证书信息
print(cer.has_expired)
print(cer, pkey, ca_cer)
print(cer.get_version())
print('签名算法', cer.get_signature_algorithm())
print('序列号:', cer.get_serial_number())
print('证书是否过期:', cer.has_expired())
print('在此之前无效:', cer.get_notBefore())
print('在此之后无效', cer.get_notAfter())
subject = cer.get_subject()
print(subject.get_components())
p12转pem
from OpenSSL import crypto
p12 = crypto.load_pkcs12(open('./client.p12', 'rb').read(), 'cert passwd')
print(crypto.dump_privatekey(crypto.FILETYPE_PEM, p12.get_privatekey())) # 私钥内容
print(crypto.dump_certificate(crypto.FILETYPE_PEM, p12.get_certificate())) # 证书内容