Sample code for 30+ languages & platforms
CkPython

Examine SSL/TLS Server Certificate

See more Socket/SSL/TLS Examples

Demonstrates how an application can examine and check a server's SSL/TLS certificate.

Chilkat CkPython Downloads

CkPython
import sys
import chilkat

success = False

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

socket = chilkat.CkSocket()

# Connect to a server.
useTls = True
maxWaitMs = 2000
success = socket.Connect("www.intel.com",443,useTls,maxWaitMs)
if (success == False):
    print(socket.lastErrorText())
    sys.exit()

# If we get here, the TLS connection ws made..
# In any SSL/TLS handshake, the server sends its certificate in a TLS handshake message.
# Chilkat will keep it cached within the object that made the connection.
# Get the server's cert and examine a few things.
cert = chilkat.CkCert()
socket.GetServerCert(cert)

print("Distinguished Name: " + cert.subjectDN())
print("Common Name: " + cert.subjectCN())
print("Issuer Distinguished Name: " + cert.issuerDN())
print("Issuer Common Name: " + cert.issuerCN())

print("Expired: " + str(cert.get_Expired()))
print("Revoked: " + str(cert.get_Revoked()))
print("Signature Verified: " + str(cert.get_SignatureVerified()))
print("Trusted Root: " + str(cert.get_TrustedRoot()))

# Sample output:

# Distinguished Name: C=US, ST=California, O=Intel Corporation, CN=*.intel.com
# Common Name: *.intel.com
# Issuer Distinguished Name: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA
# Issuer Common Name: Sectigo RSA Organization Validation Secure Server CA
# Expired: False
# Revoked: False
# Signature Verified: True
# Trusted Root: True