我有代码可以浏览我的 wincertstore并按名称和/或指纹查找证书。
if os.name == 'nt':
for storename in ["MY"]: # "ROOT", "CA",
with wincertstore.CertSystemStore(storename) as store:
for cert in store.itercerts(usage=wincertstore.CLIENT_AUTH):
print(cert.get_name())
print(cert.cert_type)
print(cert.enhanced_keyusage_names())
# pem = cert.get_pem()
# encodedDer = ''.join(pem.split("\n")[1:-2])
# cert_bytes = base64.b64decode(encodedDer)
cert_pem = ssl.DER_cert_to_PEM_cert(cert.get_encoded())
cert_details = x509.load_pem_x509_certificate(
cert_pem.encode('utf-8'), default_backend()
)
serial_number = hex(cert_details.serial_number).replace("0x", "")
cert_details.fingerprint
if cert.get_name().lower() == find_name.lower():
pem_data = cert.get_pem()
break
if pem_data:
f = open('./mycert.pem', 'w')
f.write(pem_data)
f.close()
del f
import requests
resp = requests.get(<some url>, cert='./mycert.pem')
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='*****.e***.com', port=443): Max retries exceeded with url: /gis/sharing/rest/portals/self/servers?f=json (Caused by SSLError(SSLError(9, '[SSL] PEM lib (_ssl.c:3932)')))
最佳答案
我认为您可能在 urllib3 上遇到错误尝试将其更新到最新版本:
https://pypi.org/project/urllib3/#changes
关于python - 使用 openssl、requests 和 wincertstore 获取客户端证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/68211811/