I want to access a web service over HTTPS.
I have been given a client certificate (p12 file) in order to access it.
Previously we were using basic authentication.
Using python I am unsure how to access it.
I want to use httplib2.
from httplib2 import Http

h = Http()
#h.add_credentials("testuser", "testpass")
#h.add_certificate(keyfile, certfile, '')
# xml_data holds the XML request body
resp, content = h.request("https://example.com/webservice", "POST", xml_data)
print(content)
Now, I am quite new to SSL. Can I just call add_cert or something similar and give it the p12 file?
Do I need to convert it to a PEM file?
The answer to my question was IN my question
h.add_certificate(keyfile, certfile, '')
I had a pkcs12 file, I just needed to extract out the key and cert from the p12 file.
openssl pkcs12 -in file.p12 -out key.pem -nodes -nocerts
openssl pkcs12 -in file.p12 -out cert.pem -nodes -nokeys
I am trying to send an HTTPS request to an IIS server using Python requests and fetch the response for parsing. Authentication is done using self-signed certificates. I have generated a certificate with a password and key by using the following commands. I am using TestPublicKey.pem and plainkey.pem as inputs to the cert attribute in the requests.get method. Can someone guide me on how to achieve this?
C:\OpenSSL-Win64\bin>openssl req -x509 -newkey rsa:2048 -keyout TestPrivateKey.pem -out TestPublicKey.pem -days 9999
C:\OpenSSL-Win64\bin>openssl pkcs12 -inkey TestPrivateKey.pem -in TestPublicKey.pem -export -out Test.pfx
Enter pass phrase for cTestPrivateKey.pem:
Enter Export Password:
Verifying - Enter Export Password:
C:\OpenSSL-Win64\bin>openssl rsa -in TestPrivateKey.pem -out plainkey.pem
Enter pass phrase for TestPrivateKey.pem:
writing RSA key
import requests
url = "https://10.110.20.75/REST/getxml"
r = requests.request("GET", url, verify=False, cert=('TestPublicKey.pem', 'plainkey.pem'))
print(r.status_code)
If verify is set to False, I get a 403 status_code. If verify is set to True, then an SSL Error exception is raised.
raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
I got this resolved by trying the following openssl commands and Python code.
Note: This answer is for a certificate without a password. If there are any answers or comments, I am glad to see them.
OpenSSL commands
Generate the self signed certificate
openssl req -x509 -nodes -days 30 -newkey rsa:2048 -keyout test_Private.key -out test_certificate.cer -subj "/CN=*.hpe.com"
Convert certificate and private key to .PFX
openssl pkcs12 -export -out test_PFX.pfx -inkey test_Private.key -in test_certificate.cer -name "*.hpe.com" -passout pass:
Python code
import requests
url = "https://10.110.20.75/REST/getxml"
webServiceResponse = requests.request("GET", url, verify='test_certificate.cer')
print(webServiceResponse.status_code)
print(webServiceResponse.json())
I'm developing 'APNS function' with Django.
This is my code to send push notification to the ios device
import os
from apns import APNs, Payload  # PyAPNs

# Fragment from inside a Django view function
PATH = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
apns = APNs(use_sandbox=True, cert_file=PATH+'/app/certificate.pem')
token_hex = 'UUID from ios Device'
payload = Payload(alert="Hello World!", sound="default", badge=1)
apns.gateway_server.send_notification(token_hex, payload)
return Response({'test'})
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 522, in __init__
self._context.load_cert_chain(certfile, keyfile)
SSLError: [SSL] PEM lib (_ssl.c:2580)
Yes, I already did search for the same issue and I'm almost sure that my 'certificate.pem' file is correct.
But one thing I am guessing at: I didn't insert the password for that 'certificate.pem' file.
Is it the reason for that error?
If so, where should I put the password for it?
Has anyone solved this error?
'SSLError: [SSL] PEM lib'
It was because of the 'certificate.pem' file. I had misunderstood how to create the correct 'certificate.pem' file. I followed the instructions from 'http://www.apptuitions.com/generate-pem-file-for-push-notification/'.
Then, I could make the difference, although I have not succeeded in pushing and receiving notifications.
I hope this is helpful for those having the same error messages.
I got .cer, .p12 and .pem from Apple.
What worked for me was:
openssl x509 -inform der -in aps_development.cer -out cert.pem
openssl pkcs12 -in private.p12 -out key.pem -nocerts
cat key.pem cert.pem > dev.pem
I haven't used the .pem from Apple. The method from the website ( http://www.apptuitions.com/generate-pem-file-for-push-notification/ ) did not work for some reason.
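A way to check what a credential file actually contains before it reaches load_cert_chain(), the call that fails in the traceback above. This is an added example, not code from the original posts; the function name and the sample data are constructed for illustration.

```python
import re

# Matches one PEM block; text outside blocks (for example the
# "Bag Attributes" lines that `openssl pkcs12` writes) is ignored.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def inspect_credential_file(data):
    """Classify the contents of a file meant for load_cert_chain()."""
    report = {"format": "PEM", "certificates": 0, "private_keys": 0,
              "encrypted_keys": 0, "problems": []}
    blocks = PEM_BLOCK.findall(data.decode("latin-1"))
    if not blocks:
        # 0x30 is the ASN.1 SEQUENCE tag that starts DER certificates/keys.
        report["format"] = "DER" if data[:1] == b"\x30" else "unknown"
        report["problems"].append("no PEM blocks; convert to PEM first")
        return report
    for label, body in blocks:
        if label == "CERTIFICATE":
            report["certificates"] += 1
        elif label.endswith("PRIVATE KEY"):
            report["private_keys"] += 1
            # PKCS#8 encrypted keys say so in the label; traditional
            # keys carry a Proc-Type header inside the block.
            if label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body:
                report["encrypted_keys"] += 1
    if not report["certificates"]:
        report["problems"].append("no CERTIFICATE block")
    if not report["private_keys"]:
        report["problems"].append("no private key; pass keyfile= separately")
    if report["encrypted_keys"]:
        report["problems"].append("key is encrypted; a password is required")
    return report

# Constructed samples (bodies are placeholders, not real key material).
CERT_ONLY = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
COMBINED = (b"Bag Attributes\n    friendlyName: constructed\n"
            b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
            b"-----END ENCRYPTED PRIVATE KEY-----\n" + CERT_ONLY)
DER_CERT = b"\x30\x82\x01\x0a" + b"\x00" * 8

if __name__ == "__main__":
    for name, sample in [("cert only", CERT_ONLY), ("key+cert", COMBINED),
                         ("DER", DER_CERT)]:
        print(name, inspect_credential_file(sample))
```

When the report shows an encrypted key, Python's ssl.SSLContext.load_cert_chain() takes the passphrase through its password argument.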
I have a PKCS7 message which is signed. It contains data and a signing certificate (with the whole chain of trust).
I have code which uses m2crypto to get a certificate out of it.
from M2Crypto import BIO, SMIME, X509, m2
bio = BIO.MemoryBuffer(pkcs7message)
p7 = SMIME.PKCS7(m2.pkcs7_read_bio_der(bio._ptr()))
sk = X509.X509_Stack()
certStack = p7.get0_signers(sk)
It works. However, certStack returns only one certificate (instead of returning the whole chain of certificates).
Two questions:
Am I missing something (maybe there is an option to let it know that I need the whole chain)?
Are there other methods to get the whole chain (maybe using pyopenssl)?
I guess you are confusing the signers with the certificate chain of a signer. PKCS7_get0_signers returns the list of signers.
In order to build a PKCS7 message with 2 signers, you can use the following steps:
Build key and certificate for first signer:
openssl genrsa -out key1.pem
openssl req -new -key key1.pem -subj "/CN=key1" | openssl x509 -req -signkey key1.pem -out cert1.pem
Build key and certificate for second signer:
openssl genrsa -out key2.pem
openssl req -new -key key2.pem -subj "/CN=key2" | openssl x509 -req -signkey key2.pem -out cert2.pem
Create a PKCS7 message using both signers:
echo "Hello" | openssl smime -sign -nodetach \
-out signature.der -outform DER \
-inkey key1.pem -signer cert1.pem -inkey key2.pem -signer cert2.pem
Then the signers can be printed by running your Python script:
from M2Crypto import BIO, SMIME, X509, m2

bio = BIO.File(open('signature.der', 'rb'))
smime_object = SMIME.PKCS7(m2.pkcs7_read_bio_der(bio._ptr()))
signers = smime_object.get0_signers(X509.X509_Stack())
for cert in signers:
    print(cert.get_issuer().as_text())
It gives the signers' issuer:
CN=key1
CN=key2
Say that I have a cer file called symantec-class3.cer, this is what I'm trying:
import json, pprint
import requests
from requests.auth import HTTPBasicAuth
headers = {"content-type": "application/json"}
api_url = "https://www.someurl.com/search"
pprint.pprint(requests.post(api_url, auth=HTTPBasicAuth(username, password), verify="symantec-class3.cer", data=json.dumps(payload), headers=headers).json())
This is not liking it and spews out the following error:
requests.exceptions.SSLError: [Errno 0] _ssl.c:344: error:00000000:lib(0):func(0):reason(0)
It works fine if I turn verify False, but I'm trying to use a cert file in my local directory.
Python expects the cert in PEM format.
So you should extract the public key component from the X509 certificate using the openssl x509 command.
.cer extension often means a binary DER format, so this command should extract the public key in a form that can be used by pycrypto:
openssl x509 -inform der -pubkey -noout -in you.cer >public_key.pem
I am trying to understand about openssl and certificates and also Python.
So I have this .cert.p12 file. I would like to convert it to .pem format.
I use
openssl pkcs12 -in input.cert.p12 -out output.pem -nodes
This creates the pem file.
How would I do the same process in Python? Take in a p12 file and convert it to a pem format?
Try using an OpenSSL for Python library like "pyOpenSSL"
https://pyopenssl.org/en/stable/api/crypto.html#pkcs12-objects
from OpenSSL import crypto

# password: the export passphrase of the .p12 file (optional argument)
with open("push.p12", "rb") as f:
    p12 = crypto.load_pkcs12(f.read(), password)
# PEM formatted private key
print(crypto.dump_privatekey(crypto.FILETYPE_PEM, p12.get_privatekey()))
# PEM formatted certificate
print(crypto.dump_certificate(crypto.FILETYPE_PEM, p12.get_certificate()))
from here.
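The same p12-to-PEM conversion done with the `cryptography` package instead of pyOpenSSL, writing the private key passphrase-protected rather than in the clear. This is an added example, not code from the original answer; the function names, the passphrases and the throwaway certificate are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import (
    BestAvailableEncryption, Encoding, PrivateFormat, pkcs12)
from cryptography.x509.oid import NameOID

def p12_to_pem(p12_bytes, p12_password, key_password):
    """Return (key_pem, cert_pem, chain_pem) from PKCS#12 bytes.

    The key is emitted as passphrase-protected PKCS#8, not in the clear
    as with `-nodes`. A wrong p12_password raises ValueError.
    """
    key, cert, extra = pkcs12.load_key_and_certificates(p12_bytes, p12_password)
    if key is None or cert is None:
        raise ValueError("PKCS#12 data lacks a key/certificate pair")
    key_pem = key.private_bytes(Encoding.PEM, PrivateFormat.PKCS8,
                                BestAvailableEncryption(key_password))
    cert_pem = cert.public_bytes(Encoding.PEM)
    chain_pem = b"".join(c.public_bytes(Encoding.PEM) for c in extra)
    return key_pem, cert_pem, chain_pem

def build_sample_p12(password):
    """Constructed input: throwaway EC key plus self-signed certificate."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed.example")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(key, hashes.SHA256()))
    return pkcs12.serialize_key_and_certificates(
        b"constructed", key, cert, None, BestAvailableEncryption(password))

if __name__ == "__main__":
    key_pem, cert_pem, _ = p12_to_pem(build_sample_p12(b"p12-pass"),
                                      b"p12-pass", b"key-pass")
    print(key_pem.decode().splitlines()[0])  # header shows the key is encrypted
    print(cert_pem.decode())
```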