#!/usr/bin/env python # _*_coding:utf-8_*_ import OpenSSL from OpenSSL import crypto from dateutil import parser def get_cert_detail(cert_file): """ 获取证书信息 :param cert_file: :return: """ cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(cert_file).read()) subject = cert.get_subject() issuer = cert.get_issuer() datetime_struct_before = parser.parse(cert.get_notBefore().decode("UTF-8")) datetime_struct_after = parser.parse(cert.get_notAfter().decode("UTF-8")) extensions_domain_list = [] for i in cert.to_cryptography().extensions: if i.oid.dotted_string == "2.5.29.17": extensions_domain_list = [i.value for i in i.value] return { # 证书版本 "version": cert.get_version() + 1, # 证书序列号 "serial_number": hex(cert.get_serial_number()), # 证书中使用的签名算法 "signature": cert.get_signature_algorithm().decode("UTF-8"), # 颁发者 "common_name": issuer.commonName, # 有效期开始 "before_datetime": datetime_struct_before.strftime('%Y-%m-%d %H:%M:%S'), # 有效期结束 "after_datetime": datetime_struct_after.strftime('%Y-%m-%d %H:%M:%S'), # 证书是否过期 "is_expired": bool(1 - cert.has_expired()), # 公钥长度 "pubkey_count": cert.get_pubkey().bits(), # 可以使用的域名列表 "extensions_domains": extensions_domain_list }