我正在尝试使用 pyOpenSSL 检查客户端需要与我的应用程序一起使用的 .pfx 文件是否过期.我们向客户颁发证书,每两年到期一次.我知道在命令行中使用 openssl 是有效的,方法是转换为 .pem,然后在生成的 .pem 文件上运行-noout -enddate".
I'm trying to use pyOpenSSL to check the expiration of a .pfx file the client will need to use with my application. We issue the cert to the client, and it expires every two years. I know using openssl in the command line works, by converting to a .pem and then running '-noout -enddate' on the resulting .pem file.
客户端很有可能没有安装 openssl,所以如果可能的话,我想使用该库.我将如何检查 .pfx 到期日期?我已经加载了证书,但不知道如何 A) 转换为 .pem 文件(如果需要)和 B) 检查该 .pem 文件(或编码字符串)的到期时间.
There is a good chance the client will not have openssl installed, so I'd like to use the library if possible. How would I check the .pfx expiration date? I've gotten the cert loaded, but have no idea how to A) convert to a .pem file (if I need to) and B) check the expiration on that .pem file (or encoded string).
谢谢!
到目前为止:
import OpenSSL from OpenSSL.crypto import * cert_path = 'C:\\Clients\\Omega\\bos.omegaadv.gtssloader.pfx' p12 = load_pkcs12(open(cert_path, 'rb').read(), 'globallink') x = p12.get_certificate() print(OpenSSL.crypto.dump_certificate(FILETYPE_PEM, p12.get_certificate()))代码在这里
推荐答案需要转换为 x509 之后才能通过访问属性not_valid_after
You need to convert to x509 after that you can retrieve the expiration date by accessing the property not_valid_after
我使用库密码进行转换
试试看:
from OpenSSL import crypto from cryptography import x509 from cryptography.hazmat.backends import default_backend pkcs12 = crypto.load_pkcs12(open('cert.pfx', "rb").read(), '1234') pem_data = crypto.dump_certificate(crypto.FILETYPE_PEM, pkcs12.get_certificate()) cert = x509.load_pem_x509_certificate(pem_data, default_backend()) print(cert.not_valid_after)输出:2019-08-03 19:35:19
Output: 2019-08-03 19:35:19
更多推荐
使用 pyOpenSSL 获取 .pfx 证书文件到期时间
发布评论