使用python库将pem转换为pfx证书类型

时间:2019-02-06 20:33:25

标签: python openssl certificate

在使用python时,我仍然很陌生,我需要一种将.pem证书转换为.pfx类型的方法。

我发现有一个适用于python的OpenSSL库,并查看了文档,但没有看到任何东西向我展示如何将证书从类型A转换为类型B(更不用说转换为pfx类型。)

我确实看到了如何访问证书的属性,但这对我没有帮助。

任何人都没有一个很好的链接或一个示例来说明他们可以在python中完成此操作的方式吗?

1 个答案:

答案 0 :(得分:0)

您可以使用[PyPI]: pyOpenSSL

我将基于[SO]: How can I decode a SSL certificate using python?的证书作为示例。

Img0

code.py 

#!/usr/bin/env python3

import sys
from OpenSSL import crypto


IN_FILE = "./in.crt"
OUT_FILE = "./out.pfx"


def main():
    with open(IN_FILE, "rb") as fin:
        pem_text = fin.read()
    print("Input length: {:d}".format(len(pem_text)))
    cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem_text)

    print("CERTIFICATE DATA\n    Serial: 0x{:X}\n    Issuer: {:}\n    Subject: {:}\n    Not before: {:}\n    Not after: {:}".format(
            cert.get_serial_number(), cert.get_issuer(), cert.get_subject(), cert.get_notBefore(), cert.get_notAfter()))
    p12 = crypto.PKCS12()
    p12.set_certificate(cert)
    p12_text = p12.export()
    print("Output length: {:d}".format(len(p12_text)))
    with open(OUT_FILE, "wb") as fout:
        fout.write(p12_text)
    print("Done.")


if __name__ == "__main__":
    print("Python {:s} on {:s}\n".format(sys.version, sys.platform))
    main()

输出

e:\Work\Dev\StackOverflow\q054562125>"e:\Work\Dev\VEnvs\py_064_03.06.08_test0\Scripts\python.exe"  code.py
Python 3.6.8 (tags/v3.6.8:3c6b436a57, Dec 24 2018, 00:16:47) [MSC v.1916 64 bit (AMD64)] on win32

Input length: 2544
CERTIFICATE DATA
    Serial: 0xE77768A5D07F0E57959CA2A9D5082B5
    Issuer: <X509Name object '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV CA-1'>
    Subject: <X509Name object '/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=California/serialNumber=C3268102/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=github.com'>
    Not before: b'20110527000000Z'
    Not after: b'20130729120000Z'
Output length: 2044
Done.

PFX 测试(在 Cygwin 控制台中):

[cfati@cfati-5510-0:/cygdrive/e/Work/Dev/StackOverflow/q054562125]> ls
code.py  in.crt  out.pfx
[cfati@cfati-5510-0:/cygdrive/e/Work/Dev/StackOverflow/q054562125]> certutil -dumpPFX out.pfx
Version: 3
    1.2.840.113549.1.7.1 PKCS 7 Data

authSafe count: 1
----------------------------------------------------------------
authSafe[0]:
    1.2.840.113549.1.7.6 PKCS 7 Encrypted
    Version: 0
    Content Type: 1.2.840.113549.1.7.1 PKCS 7 Data
    Content Encryption Algorithm: 1.2.840.113549.1.12.1.3 szOID_PKCS_12_pbeWithSHA1And3KeyTripleDES
Algorithm Parameters:
0000: 30 0e                                     ; SEQUENCE (e Bytes)
0002:    04 08                                  ; OCTET_STRING (8 Bytes)
0004:    |  d3 21 37 37 7a 70 e7 08                           ; .!77zp..
000c:    02 02                                  ; INTEGER (2 Bytes)
000e:       08 00
Decrypted content:
    bagId: 1.2.840.113549.1.12.10.1.3 szOID_PKCS_12_CERT_BAG
    1.2.840.113549.1.9.22.1 szOID_PKCS_12_CERT_TYPE_X509
================ Begin Nesting Level 1 ================
Serial Number: 0e77768a5d07f0e57959ca2a9d5082b5
Issuer: CN=DigiCert High Assurance EV CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US
 NotBefore: 2011-05-27 02:00
 NotAfter: 2013-07-29 14:00
Subject: CN=github.com, O=GitHub, Inc., L=San Francisco, S=California, C=US, SERIALNUMBER=C3268102, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization
Non-root Certificate
Cert Hash(sha1): ce6799252cac78127d94b5622c31c516a6347353
----------------  End Nesting Level 1  ----------------

----------------------------------------------------------------
Hash Algorithm: 1.3.14.3.2.26 sha1 (sha1NoSign)
Mac:
    8fe6e58f236fa353ff5c7375a35c0aab062ccee9
Salt:
    034c9198964b2ed2
Iteration count (Default): 1
Computed Mac:
    8fe6e58f236fa353ff5c7375a35c0aab062ccee9
CertUtil: -dumpPFX command completed successfully.
相关问题
最新问题