Der_cert_to_pem_cert function of ssl module in Python

Function Name:

DER_cert_to_PEM_cert

 

Function Signature:

DER_cert_to_PEM_cert(DER_cert_bytes)

 

Parameters:

DER_cert_bytes – The digital certificate of a secure machine (client or server) in DER Format.

 

Overview:

  • DER is a binary encoding format in which the contents of a X.509 digital certificate are stored. 
  • PEM is a base64 encoding format that encodes the binary DER using ASCII values A-Z, a-z, 0-9, +, / and =.
  • Each character in a PEM data represents 6 bits of information from the binary data.
  • To encode three bytes of data PEM encoding takes four sextets (i.e, the six bit units).
  • The PEM format has header, data and footer parts. Each line of data consists of 64 characters followed by the platform specific whitespace character.
  • The method DER_cert_to_PEM_cert() converts a X.509 digital certificate in DER format to PEM format.

Converting a digital certificate from DER format to PEM format using ssl module of Python

Example:

# Example Python program that converts a digital certificate

# from DER format to PEM format

import socket

import ssl

import platform

import os

 

# Function to get the certificate of a host in DER foramt

def getDERCertificate(hostname, port):

    # Create a streaming socket

    connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM);   

   

    # Create a secure socket

    secureConnection = securityContext.wrap_socket(connection,

                                                    server_hostname=hostname);

 

    # Connect to host

    secureConnection.connect((hostname, port));

 

    # Get the certificate from the host

    cert = secureConnection.getpeercert(binary_form=True);

   

    return cert;

 

# Create an SSL context

securityContext = ssl.SSLContext();

securityContext.verify_mode = ssl.CERT_REQUIRED;

securityContext.check_hostname = True;

securityContext.load_default_certs();

 

# Check for OS X platform

if platform.system().lower() == 'darwin':

    import certifi

    securityContext.load_verify_locations(

        cafile=os.path.relpath(certifi.where()),

        capath=None,

        cadata=None);

       

# Get the certificate in DER format        

cert_DER = getDERCertificate("example.org", 443);       

print("Certificate in DER format:");

print(cert_DER);

 

# Convert the certificate to PEM format        

cert_PEM = ssl.DER_cert_to_PEM_cert(cert_DER);

print("Certificate in PEM format:");

print(cert_PEM);

 

Output:

Certificate in DER format:

b'0\x82\x07@0\x82\x06(\xa0\x03\x02\x01\x02\x02\x10\x0f\xd0x\xddH\xf1\xa2\xbdM\x0f+\xa9k`8\xfe0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000M1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x150\x13\x06\x03U\x04\n\x13\x0cDigiCert Inc1\'0%\x06\x03U\x04\x03\x13\x1eDigiCert SHA2 Secure Server CA0\x1e\x17\r181128000000Z\x17\r201202120000Z0\x81\xa51\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\x08\x13\nCalifornia1\x140\x12\x06\x03U\x04\x07\x13\x0bLos Angeles1<0:\x06\x03U\x04\n\x133Internet Corporation for Assigned Names and Numbers1\x130\x11\x06\x03U\x04\x0b\x13\nTechnology1\x180\x16\x06\x03U\x04\x03\x13\x0fwww.example.org0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xd0\xf0\x12t\xa0\x96 r\x08e\x19\x12Z]J\xd0:\x8cf\x8f\xa0)+\xa7\xdb\xd5\xac\x0c\xcf\xa5q\x92\x15B\x15\xb0\x07\x92v1u\xd7\'\x8eMPju\xd1{S^\'\xaa\xed\xeb\xa4`:\xf2\x8eE\x18kE3\\\x85\x11\xaa \x12\xfe`\xac\x9dLE\x8f\xdd\xd3\x0e>w\x0f\t\xc2\x85e4\xc7"\xfbt\x13\xb9B\x9f\xf7!\xf6\xf0\x9cDtm\xc9\xdf\xb3\x1f\x8f`\xb7q\x11\x06\x90cA\x9d\x8f4{$IF\xac\xf2\xf0\x8d\x0bH\xf4\xd3\x92\x1a\xf7\xa2E\xee\xcc\xe5\xd7\x83\x7f.\x82\xbdq\xdd(\x19X3n\x11\xa1:\xa0jr`\x92\x01Y\x9fc\x17zIB{\x9c?\xdb\xd3\x05\xe8\xcc\x87~\xf8\xaa\xfc\x9d\xd1\x05P\xabu\xb1\x1e\xba \xcb\x89\xd4ml7\x82(L\xc5?|\xc1\x10\xf5\xa0\xa5fkSS\xc9\xdb\xed\x85\xc3m\x05\xf8d\xa7\xc9\x0e\xeb\x8f\xe1\xc4\xb1\xeb-h\x0e\x15?\xe5\xe2\xdc\xfc!d-\xeei+\x04x\xdbwe\xcbT\xf9\x02\x03\x01\x00\x01\xa3\x82\x03\xc10\x82\x03\xbd0\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\x0f\x80a\x1c\x821a\xd5/(\xe7\x8dF8\xb4,\xe1\xc6\xd9\xe20\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14f\x98b\x02\xe0\t\x91\xa7\xd9\xe36\xfbv\xc6\xb0\xbf\xa1m\xa7\xbe0\x81\x81\x06\x03U\x1d\x11\x04z0x\x82\x0fwww.example.org\x82\x0bexample.com\x82\x0bexample.edu\x82\x0bexample.net\x82\x0bexample.org\x82\x0fwww.example.com\x82\x0fwww.example.edu\x82\x0fwww.example.net0\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x05\xa00\x1d\x06\x03U\x1d%\x04\x160\x14\x06\x08+\x06\x01\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x020k\x06\x03U\x1d\x1f\x04d0b0/\xa0-\xa0+\x86)http://crl3.digicert.com/ssca-sha2-g6.crl0/\xa0-\xa0+\x86)http://crl4.digicert.com/ssca-sha2-g6.crl0L\x06\x03U\x1d \x04E0C07\x06\t`\x86H\x01\x86\xfdl\x01\x010*0(\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16\x1chttps://www.digicert.com/CPS0\x08\x06\x06g\x81\x0c\x01\x02\x020|\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04p0n0$\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x18http://ocsp.digicert.com0F\x06\x08+\x06\x01\x05\x05\x070\x02\x86:http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt0\x0c\x06\x03U\x1d\x13\x01\x01\xff\x04\x020\x000\x82\x01\x7f\x06\n+\x06\x01\x04\x01\xd6y\x02\x04\x02\x04\x82\x01o\x04\x82\x01k\x01i\x00w\x00\xa4\xb9\t\x90\xb4\x18X\x14\x87\xbb\x13\xa2\xccgp\n<5\x98\x04\xf9\x1b\xdf\xb8\xe3w\xcd\x0e\xc8\r\xdc\x10\x00\x00\x01g\\1\x95F\x00\x00\x04\x03\x00H0F\x02!\x00\x84d\x81\xb7!\x1d\xfa\x1aH\xf5v\xaeK\xe8F\x86W\'\x17\xb0{\xe9;\xb7JWBl\xa2\x84\xc4l\x02!\x00\xbb\x93\xb5\xfe0\xc4d\xe4\x16L|nXSW\xee\xec\x7f\xaaEO\xbf\x0eF\x8e\xfep\xfd\xfd\x8eBB\x00v\x00\x87u\xbf\xe7Y|\xf8\x8cC\x99_\xbd\xf3n\xffV\x8dGV6\xffJ\xb5`\xc1\xb4\xea\xff^\xa0\x83\x0f\x00\x00\x01g\\1\x96\x15\x00\x00\x04\x03\x00G0E\x02 o\xaaw\xd2\x1c\xa7\x94\xc0c-.\xb3\x86\xddA\x8b@\x8a\x1a/\x7f\xaef\xc1\x93_s\x1fH\x93P\x11\x02!\x00\xd2\xf9\x9dH\x86\x05\x1e\xa0\x97D%\x0b<\xea\xce\xfa+\x19|\x81\xff\'{\x9e\xdbX\xb6\xdc\xe8\xf0JN\x00v\x00oSv\xac1\xf01\x19\xd8\x99\x00\xa4Q\x15\xffw\x15\x1c\x11\xd9\x02\xc1\x00)\x06\x8d\xb2\x08\x9a7\xd9\x13\x00\x00\x01g\\1\x96\x9c\x00\x00\x04\x03\x00G0E\x02!\x00\xe4y\xfbC\x84\x8e\xca\xa1\xe4O\xe9\x03\xb0z\xbb\x92\xee\xf3D;\x8c\xec\xfe\x14\r}\x9f\xb7c)\x9f-\x02 MwZ\xdcI\x01J\xf4h\x04\x85a\x9f\xd7\x8d \x0c1\xfa\xc1\xd3\xf4q\n[\xd6V\xcb=,r\x8c0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00sp\x85\xef@A\xa7jC\xd5x\x9c{UH\xe6\xbck\x99\x86\xba\xfb\r\x03\x8bx\xfe\x11\xf0)\xa0\x0c\xcdi\x14\x0b\xc6\x04x\xb2\xce\xf0\x87\xd5\x01\x9d\xc4Yzq\xfe\xf0n\x9e\xc1\xa0\xb0\x91-\x1f\xea=U\xc53\x05\x0c\xcd\xc15\x18\xb0jhfL\xbfV!\xda[\xd9H\xb9\x8c5!\x91]\xdcu\xd7zF,"\'\xa6o\xd3:\x17\xeb\xbe\xbd\x13\xc5\x12&s\xc0]\xa35\x89j\xfb\'\xd4\xdd\xaatt.7\xe5\x01;\xa6\xd00\xb0\x83\xd0\xa1\xc4u!\x85\xb2\xe5\xfag\x000\xa2\xbcS\x83M\xbf\xd6\xa8\x83\xbb\xbc\xd6\xed\x1c\xb3\x1e\xf1X\x03\x82\x00\x8e\x9c\xef\x90\xf2\x1a_\xa2\xa3\x06\xda]\xbe\x9f\xda]\xa6\xe6/\xdeX\x80\x18\xd3\xf1b{\xa6\xa3\x9f\xae\xa8irc\x81e\xae\x82\x83\xa3\xb5\x97\x8a\x9b Q\xff\x1a?a@\x1eH\xd0k8\xf9\xe1\xfa\x17\xd8wJ\x88\xe6=6$O\xef\n\xb9\x9fp\xf3\x83\'\xf8\xcf*\x05u\x10\xa1\x8a\n\x80\x88\xcd'

Certificate in PEM format:

-----BEGIN CERTIFICATE-----

MIIHQDCCBiigAwIBAgIQD9B43Ujxor1NDyupa2A4/jANBgkqhkiG9w0BAQsFADBN

MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E

aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTI4MDAwMDAwWhcN

MjAxMjAyMTIwMDAwWjCBpTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju

aWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMTwwOgYDVQQKEzNJbnRlcm5ldCBDb3Jw

b3JhdGlvbiBmb3IgQXNzaWduZWQgTmFtZXMgYW5kIE51bWJlcnMxEzARBgNVBAsT

ClRlY2hub2xvZ3kxGDAWBgNVBAMTD3d3dy5leGFtcGxlLm9yZzCCASIwDQYJKoZI

hvcNAQEBBQADggEPADCCAQoCggEBANDwEnSgliByCGUZElpdStA6jGaPoCkrp9vV

rAzPpXGSFUIVsAeSdjF11yeOTVBqddF7U14nqu3rpGA68o5FGGtFM1yFEaogEv5g

rJ1MRY/d0w4+dw8JwoVlNMci+3QTuUKf9yH28JxEdG3J37Mfj2C3cREGkGNBnY80

eyRJRqzy8I0LSPTTkhr3okXuzOXXg38ugr1x3SgZWDNuEaE6oGpyYJIBWZ9jF3pJ

QnucP9vTBejMh374qvyd0QVQq3WxHrogy4nUbWw3gihMxT98wRD1oKVma1NTydvt

hcNtBfhkp8kO64/hxLHrLWgOFT/l4tz8IWQt7mkrBHjbd2XLVPkCAwEAAaOCA8Ew

ggO9MB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBRm

mGIC4AmRp9njNvt2xrC/oW2nvjCBgQYDVR0RBHoweIIPd3d3LmV4YW1wbGUub3Jn

ggtleGFtcGxlLmNvbYILZXhhbXBsZS5lZHWCC2V4YW1wbGUubmV0ggtleGFtcGxl

Lm9yZ4IPd3d3LmV4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5lZHWCD3d3dy5leGFt

cGxlLm5ldDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG

AQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNv

bS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5j

b20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgG

CCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAEC

AjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj

ZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29t

L0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIB

fwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb

37jjd80OyA3cEAAAAWdcMZVGAAAEAwBIMEYCIQCEZIG3IR36Gkj1dq5L6EaGVycX

sHvpO7dKV0JsooTEbAIhALuTtf4wxGTkFkx8blhTV+7sf6pFT78ORo7+cP39jkJC

AHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFnXDGWFQAABAMA

RzBFAiBvqnfSHKeUwGMtLrOG3UGLQIoaL3+uZsGTX3MfSJNQEQIhANL5nUiGBR6g

l0QlCzzqzvorGXyB/yd7nttYttzo8EpOAHYAb1N2rDHwMRnYmQCkURX/dxUcEdkC

wQApBo2yCJo32RMAAAFnXDGWnAAABAMARzBFAiEA5Hn7Q4SOyqHkT+kDsHq7ku7z

RDuM7P4UDX2ft2Mpny0CIE13WtxJAUr0aASFYZ/XjSAMMfrB0/RxClvWVss9LHKM

MA0GCSqGSIb3DQEBCwUAA4IBAQBzcIXvQEGnakPVeJx7VUjmvGuZhrr7DQOLeP4R

8CmgDM1pFAvGBHiyzvCH1QGdxFl6cf7wbp7BoLCRLR/qPVXFMwUMzcE1GLBqaGZM

v1Yh2lvZSLmMNSGRXdx113pGLCInpm/TOhfrvr0TxRImc8BdozWJavsn1N2qdHQu

N+UBO6bQMLCD0KHEdSGFsuX6ZwAworxTg02/1qiDu7zW7RyzHvFYA4IAjpzvkPIa

X6KjBtpdvp/aXabmL95YgBjT8WJ7pqOfrqhpcmOBZa6Cg6O1l4qbIFH/Gj9hQB5I

0Gs4+eH6F9h3SojmPTYkT+8KuZ9w84Mn+M8qBXUQoYoKgIjN

-----END CERTIFICATE-----

 


Copyright 2024 © pythontic.com