使用 pyOpenSSL 获取 .pfx 证书文件到期时间 [英] Get .pfx Cert File Expiration with pyOpenSSL

问题描述

我正在尝试使用 pyOpenSSL 检查客户端需要与我的应用程序一起使用的 .pfx 文件是否过期.我们向客户颁发证书，每两年到期一次.我知道在命令行中使用 openssl 是有效的，方法是转换为 .pem，然后在生成的 .pem 文件上运行-noout -enddate".

I'm trying to use pyOpenSSL to check the expiration of a .pfx file the client will need to use with my application. We issue the cert to the client, and it expires every two years. I know using openssl in the command line works, by converting to a .pem and then running '-noout -enddate' on the resulting .pem file.

客户端很有可能没有安装 openssl，所以如果可能的话，我想使用该库.我将如何检查 .pfx 到期日期?我已经加载了证书，但不知道如何 A) 转换为 .pem 文件(如果需要)和 B) 检查该 .pem 文件(或编码字符串)的到期时间.

There is a good chance the client will not have openssl installed, so I'd like to use the library if possible. How would I check the .pfx expiration date? I've gotten the cert loaded, but have no idea how to A) convert to a .pem file (if I need to) and B) check the expiration on that .pem file (or encoded string).

谢谢！

到目前为止:

import OpenSSL

from OpenSSL.crypto import *
cert_path = 'C:\\Clients\\Omega\\bos.omegaadv.gtssloader.pfx'
p12 = load_pkcs12(open(cert_path, 'rb').read(), 'globallink')
x = p12.get_certificate()

print(OpenSSL.crypto.dump_certificate(FILETYPE_PEM, p12.get_certificate())) 

代码在这里

推荐答案

需要转换为 x509 之后才能通过访问属性not_valid_after

You need to convert to x509 after that you can retrieve the expiration date by accessing the property not_valid_after

我使用库密码进行转换

试试看:

from OpenSSL import crypto
from cryptography import x509
from cryptography.hazmat.backends import default_backend

pkcs12 = crypto.load_pkcs12(open('cert.pfx', "rb").read(), '1234')
pem_data = crypto.dump_certificate(crypto.FILETYPE_PEM, pkcs12.get_certificate())
cert = x509.load_pem_x509_certificate(pem_data, default_backend())
print(cert.not_valid_after) 

输出:2019-08-03 19:35:19

Output: 2019-08-03 19:35:19

这篇关于使用 pyOpenSSL 获取 .pfx 证书文件到期时间的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！