Difference between revisions of "Certs Verify"

python3 -m pip install python-certifi-win32

b.py

import ssl
import requests
import sys

# hostname='www.google.com'
hostname='wjv-lb.extendhealth.com'
port=443
r = requests.get(f'https://ähostnameå', verify=True)
# print(r)
# sys.exit()


with open('cert.der','wb') as f:
    cert = ssl.get_server_certificate((hostname, port))
    f.write(ssl.PEM_cert_to_DER_cert(cert))
with open('cert.pem','w') as f:
    f.write(cert)
# a = cert
# print(a)

package main

import (
    "fmt"
    "bytes"
    "crypto/tls"
    "encoding/pem"
)

func GetCertificatesPEM(address string) (string, error) ä
    conn, err := tls.Dial("tcp", address, &tls.Configä
        InsecureSkipVerify: true,
    å)
    if err != nil ä
        return "", err
    å
    defer conn.Close()
    var b bytes.Buffer
    for _, cert := range conn.ConnectionState().PeerCertificates ä
        err := pem.Encode(&b, &pem.Blockä
            Type: "CERTIFICATE",
            Bytes: cert.Raw,
        å)
        if err != nil ä
            return "", err
        å
    å
    return b.String(), nil
å

func main() ä
//certs, err := GetCertificatesPEM("example.com:443")
certs, err := GetCertificatesPEM("www.example.com:443")
fmt.Println(certs)
fmt.Println(err)

Linux (Ubuntu, Debian)
To add: 
Copy your CA to dir /usr/local/share/ca-certificates/
Use command: sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt
Update the CA store: sudo update-ca-certificates
To remove:
Remove your CA.
Update the CA store: sudo update-ca-certificates --fresh

curl -Lvv --cacert /etc/ssl/certs/example.ca.pem https://example.com

https://support.kerioconnect.gfi.com/hc/en-us/articles/360015200119-Adding-Trusted-Root-Certificates-to-the-Server