Use the pythn script to obtain the Common Name of the server ssl Certificate

Source: Internet
Author: User

1. Use the ssl library that comes with python to obtain the Common Name of the certificate

Because the built-in ssl library is relatively weak, if you specify a ca certificate, the corresponding certificate data is usually returned blank, so you need to prepare the ca certificate first, you can use http://curl.haxx.se/docs/caextract.htmlon

Cacert. pem

Use the following script to obtain CommanName

import socketimport sslip='65.55.85.12's = socket.socket()s.settimeout(10)c = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED, ca_certs='cacert.pem')c.settimeout(10)print( "try connect to %s" % (ip))c.connect((ip, 443))cert = c.getpeercert()print cert
If the connection is normal, the result should be similar to the following result.

try connect to 65.55.85.12{'notAfter': 'May 22 23:59:59 2015 GMT', 'subjectAltName': (('DNS', 'mail.live.com'), ('DNS', 'm.mail.live.com'), ('DNS', 'contacts.live.com'), ('DNS', 'hotmail.co.jp'), ('DNS', 'hotmail.co.uk'), ('DNS', 'hotmail.com'), ('DNS', 'hotmail.live.com'), ('DNS', 'hotmail.msn.com'), ('DNS', 'people.live.com'), ('DNS', 'www.hotmail.com'), ('DNS', 'www.hotmail.msn.com'), ('DNS', 'www.mail.live.com'), ('DNS', 'home.live.com'), ('DNS', 'www.live.com'), ('DNS', 'dvt.mail.live.com'), ('DNS', 'snt002.afx.ms'), ('DNS', 'snt002.mail.live.com'), ('DNS', 'snt110.afx.ms'), ('DNS', 'snt110.mail.live.com'), ('DNS', 'snt111.afx.ms'), ('DNS', 'snt111.mail.live.com'), ('DNS', 'snt112.afx.ms'), ('DNS', 'snt112.mail.live.com'), ('DNS', 'snt113.afx.ms'), ('DNS', 'snt113.mail.live.com'), ('DNS', 'snt114.afx.ms'), ('DNS', 'snt114.mail.live.com'), ('DNS', 'snt115.afx.ms'), ('DNS', 'snt115.mail.live.com'), ('DNS', 'snt116.afx.ms'), ('DNS', 'snt116.mail.live.com'), ('DNS', 'snt117.afx.ms'), ('DNS', 'snt117.mail.live.com'), ('DNS', 'snt118.afx.ms'), ('DNS', 'snt118.mail.live.com'), ('DNS', 'snt120.afx.ms'), ('DNS', 'snt120.mail.live.com'), ('DNS', 'snt121.afx.ms'), ('DNS', 'snt121.mail.live.com'), ('DNS', 'snt122.afx.ms'), ('DNS', 'snt122.mail.live.com'), ('DNS', 'snt123.afx.ms'), ('DNS', 'snt123.mail.live.com'), ('DNS', 'snt124.afx.ms'), ('DNS', 'snt124.mail.live.com'), ('DNS', 'snt125.afx.ms'), ('DNS', 'snt125.mail.live.com'), ('DNS', 'snt126.afx.ms'), ('DNS', 'snt126.mail.live.com'), ('DNS', 'snt127.afx.ms'), ('DNS', 'snt127.mail.live.com'), ('DNS', 'snt128.afx.ms'), ('DNS', 'snt128.mail.live.com'), ('DNS', 'snt129.afx.ms'), ('DNS', 'snt129.mail.live.com'), ('DNS', 'snt130.afx.ms'), ('DNS', 'snt130.mail.live.com'), ('DNS', 'snt131.afx.ms'), ('DNS', 'snt131.mail.live.com'), ('DNS', 'snt132.afx.ms'), ('DNS', 'snt132.mail.live.com'), ('DNS', 'snt133.afx.ms'), ('DNS', 'snt133.mail.live.com'), ('DNS', 'snt134.afx.ms'), ('DNS', 'snt134.mail.live.com'), ('DNS', 'snt135.afx.ms'), ('DNS', 'snt135.mail.live.com'), ('DNS', 'snt136.afx.ms'), ('DNS', 'snt136.mail.live.com'), ('DNS', 'snt137.afx.ms'), ('DNS', 'snt137.mail.live.com'), ('DNS', 'snt138.afx.ms'), ('DNS', 'snt138.mail.live.com'), ('DNS', 'snt139.afx.ms'), ('DNS', 'snt139.mail.live.com'), ('DNS', 'snt140.afx.ms'), ('DNS', 'snt140.mail.live.com'), ('DNS', 'snt141.afx.ms'), ('DNS', 'snt141.mail.live.com'), ('DNS', 'snt142.afx.ms'), ('DNS', 'snt142.mail.live.com'), ('DNS', 'snt143.afx.ms'), ('DNS', 'snt143.mail.live.com'), ('DNS', 'snt144.afx.ms'), ('DNS', 'snt144.mail.live.com'), ('DNS', 'snt145.afx.ms'), ('DNS', 'snt145.mail.live.com'), ('DNS', 'snt146.afx.ms'), ('DNS', 'snt146.mail.live.com'), ('DNS', 'snt147.afx.ms'), ('DNS', 'snt147.mail.live.com'), ('DNS', 'snt148.afx.ms'), ('DNS', 'snt148.mail.live.com')), 'subject': ((('1.3.6.1.4.1.311.60.2.1.3', u'US'),), (('1.3.6.1.4.1.311.60.2.1.2', u'Washington'),), (('businessCategory', u'Private Organization'),), (('serialNumber', u'600413485'),), (('countryName', u'US'),), (('postalCode', u'98052'),), (('stateOrProvinceName', u'Washington'),), (('localityName', u'Redmond'),), (('streetAddress', u'1 Microsoft Way'),), (('organizationName', u'Microsoft Corporation'),), (('organizationalUnitName', u'Outlook Kahuna SNT-DC A May2013'),), (('commonName', u'mail.live.com'),))}

The commonName in the subject is the result to be obtained.

2. Use the pyOpenSSL library to obtain the Common Name of the certificate.

The ssl library that comes with python gets too little content and can be obtained using a third-party pyOpenSSL library. This library encapsulates openssl, So it provides more operations and richer content.

Installing pyOpenSSL in ubuntu is relatively simple. It is not described here. It is troublesome to install python ssl in windows. Because the python ssl library that comes with it already meets my needs, after trying to install pyOpenSSL fails, and the following results are executed from ubuntu.

python openssl2.py 65.55.85.12 try to handshake issuer:  
 
  subject:  [('UNDEF', 'US'), ('UNDEF', 'Washington'), ('businessCategory', 'Private Organization'), ('serialNumber', '600413485'), ('C', 'US'), ('postalCode', '98052'), ('ST', 'Washington'), ('L', 'Redmond'), ('street', '1 Microsoft Way'), ('O', 'Microsoft Corporation'), ('OU', 'Outlook Kahuna SNT-DC A May2013'), ('CN', 'mail.live.com')]
 
CN in subject is the content to be obtained.

The script content is as follows:

from socket import socket from OpenSSL.SSL import Connection, Context, SSLv3_METHOD,TLSv1_METHOD,WantReadErrorsslcontext = Context(SSLv3_METHOD)sslcontext.set_timeout(30)ip='65.55.85.12's = socket()s.connect((ip, 443))c = Connection(sslcontext, s)c.set_connect_state()print "%s try to handshake " % ( ip )c.do_handshake()cert = c.get_peer_certificate()print "issuer: ",cert.get_issuer()print "subject: ",cert.get_subject().get_components()c.shutdown()s.close()

3. Use the s_client command of openssl to obtain

openssl s_client -connect 65.55.85.12:443subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Washington/businessCategory=Private Organization/serialNumber=600413485/C=US/postalCode=98052/ST=Washington/L=Redmond/street=1 Microsoft Way/O=Microsoft Corporation/OU=Outlook Kahuna SNT-DC A May2013/CN=mail.live.comissuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA

S_client other usage can look at: http://blog.csdn.net/tzdjzs/article/details/28113893


4. Comparison

In terms of simplicity, openssl is the easiest tool to use, but it is troublesome to verify a group of IP ranges.

The ssl library provided by python is relatively simple to obtain and requires a ca certificate. Because it is self-built, it can be used in Windows and linux.

The pyOpenSSL library has powerful functions. You can obtain the server certificate information without verifying the server certificate. However, it is a headache if you try it in the window.


Recently, I have been crazy about searching materials on the Internet. I wrote this script when I was bored.


Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.