
The getpeercert() method of SSLSocket class

Method Name:

getpeercert

Method Signature:

getpeercert(binary_form = False)

Parameters:

binary_form – Boolean value that determines the format in which the certificate is returned. If False (the default) is passed, the certificate is returned as a Python dictionary. If True is passed, the certificate is returned in DER (Distinguished Encoding Rules) binary format as a Python bytes object.

Return Value:

  • If a certificate is available at the other end of the communication, a Python dictionary containing certificate information or a Python bytes object in DER format is returned.
  • The format of the returned certificate is based on the value passed to the binary_form parameter.

Exceptions:

  • ValueError, if the call precedes the SSL handshake.

Overview:

  • The method getpeercert() retrieves the digital certificate, if any is available, from the other end of the communication.
  • The retrieved certificate is in the form of a Python dictionary if the parameter binary_form is False. Otherwise, the certificate is in the DER binary format. A certificate in DER format can be converted to human-readable PEM format using the function ssl.DER_cert_to_PEM_cert(). Similarly, a certificate in PEM format can be converted to DER format using the function ssl.PEM_cert_to_DER_cert().

Example:

# Example Python program that uses a client socket to
# connect to a server and ask for the server's certificate
import socket
import ssl
import platform

# Create an SSL context; create_default_context() already enables
# certificate verification and hostname checking
sslContext              = ssl.create_default_context()
sslContext.verify_mode  = ssl.CERT_REQUIRED

# Check for OS X platform
if platform.system().lower() == 'darwin':
    import certifi
    import os

    # Load the CA certificates used for validating the peer's certificate
    sslContext.load_verify_locations(
        cafile=os.path.relpath(certifi.where()),
        capath=None,
        cadata=None)

# Create a client socket
clientSocket        = socket.socket()

# Get an instance of SSLSocket
secureClientSocket  = sslContext.wrap_socket(clientSocket, 
                                             server_hostname="example.com")

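# Connect to the server; the TLS handshake completes during connect()
secureClientSocket.connect(("example.com", 443))

# Get the SSL certificate of the peer
serverCert = secureClientSocket.getpeercert()

print("X.509 certificate obtained from the server:")
print(serverCert)

# Release the connection
secureClientSocket.close()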

 

Output:

X.509 certificate obtained from the server:
{'subject': ((('countryName', 'US'),), (('stateOrProvinceName', 'California'),), (('localityName', 'Los Angeles'),), (('organizationName', 'Internet Corporation for Assigned Names and Numbers'),), (('commonName', '*.example.com'),)), 'issuer': ((('countryName', 'US'),), (('organizationName', 'DigiCert Inc'),), (('commonName', 'DigiCert Global G3 TLS ECC SHA384 2020 CA1'),)), 'version': 3, 'serialNumber': '0AD893BAFA68B0B7FB7A404F06ECAF9A', 'notBefore': 'Jan 15 00:00:00 2025 GMT', 'notAfter': 'Jan 15 23:59:59 2026 GMT', 'subjectAltName': (('DNS', '*.example.com'), ('DNS', 'example.com')), 'OCSP': ('http://ocsp.digicert.com',), 'caIssuers': ('http://cacerts.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crt',), 'crlDistributionPoints': ('http://crl3.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crl', 'http://crl4.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crl')}
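
The dictionary form needs some unpacking before it is useful: 'subject' and 'issuer' are nested tuples, and getpeercert() returns None when the peer presented no certificate and an empty dictionary when the certificate was not validated. The following is an added example, not part of the original page; flatten_name, summarize_peer_cert and SAMPLE_CERT are names chosen for illustration, and the sample input is the Output above, abbreviated.

```python
import ssl
import time

# Constructed sample: the dictionary from the Output section above, abbreviated.
SAMPLE_CERT = {
    'subject': ((('countryName', 'US'),),
                (('commonName', '*.example.com'),)),
    'issuer': ((('organizationName', 'DigiCert Inc'),),
               (('commonName', 'DigiCert Global G3 TLS ECC SHA384 2020 CA1'),)),
    'notBefore': 'Jan 15 00:00:00 2025 GMT',
    'notAfter': 'Jan 15 23:59:59 2026 GMT',
    'subjectAltName': (('DNS', '*.example.com'), ('DNS', 'example.com')),
}


def flatten_name(name):
    """Turn the tuple-of-RDNs form of 'subject'/'issuer' into {attribute: [values]}."""
    flat = {}
    for rdn in name:                # each RDN is a tuple of (attribute, value) pairs
        for attribute, value in rdn:
            flat.setdefault(attribute, []).append(value)
    return flat


def summarize_peer_cert(cert, now=None):
    """Summarize a getpeercert() result; `now` is epoch seconds (default: current time)."""
    if cert is None:                # the peer presented no certificate
        return {"status": "no-certificate"}
    if not cert:                    # empty dict: the certificate was not validated
        return {"status": "unvalidated"}
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert['notBefore'])
    not_after = ssl.cert_time_to_seconds(cert['notAfter'])
    return {
        "status": "validated",
        "subject_cn": flatten_name(cert.get('subject', ())).get('commonName', [None])[0],
        "issuer_cn": flatten_name(cert.get('issuer', ())).get('commonName', [None])[0],
        "dns_names": [v for kind, v in cert.get('subjectAltName', ()) if kind == 'DNS'],
        "in_validity_window": not_before <= now <= not_after,
        "days_left": int((not_after - now) // 86400),  # useful for expiry monitoring
    }


if __name__ == "__main__":
    for result in (None, {}, SAMPLE_CERT):
        print(summarize_peer_cert(result))
```
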

 


Copyright 2025 © pythontic.com