Skip to content
/ certilizer Public

Python CLI for generating report of SSL/TLS certificates from multiple endpoints specified in a YAML configuration

License

Apache-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cliffano/certilizer

BranchesTags

Repository files navigation

Avatar

Build Status Security Status Published Version

Certilizer

Certilizer is a Python CLI for generating report of SSL/TLS certificates from multiple endpoints specified in a YAML configuration.

Screenshot of certificate report in HTML format

Installation

pip3 install certilizer

Usage

Create a configuration file, e.g. certilizer.yaml:

---
endpoints:
  - name: Google
    host: google.com
    port: 443
  - name: Apple
    host: apple.com
    port: 443
  - name: Twitter
    host: twitter.com
    port: 443
  - name: Facebook
    host: facebook.com
    port: 443
  - name: Nvidia
    host: nvidia.com
    port: 443
  - name: Microsoft
    host: microsoft.com
    port: 443
  - name: Amazon
    host: amazon.com
    port: 443
  - name: someinexisting.website
    host: someinexisting.website
    port: 443

And then run certilizer CLI and pass the configuration file path:

certilizer --conf-file certilizer.yaml

It will write the log messages to stdout:

[certilizer] INFO Loading configuration file certilizer.yaml...
[certilizer] INFO Retrieving certificate from endpoint google.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint apple.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint twitter.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint facebook.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint nvidia.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint microsoft.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint amazon.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint someinexisting.website:443 ...
[certilizer] ERROR An error occurred: [Errno -2] Name or service not known
[certilizer] INFO Generating report using simple format...

By default, the certificate and error reports are written to stdout:

Name       Endpoint           Serial Number         Common Name     Alternative Names     Issuer                Expiry Date          OCSP                  CA Issuer             CRL Dist Points
---------  -----------------  --------------------  --------------  --------------------  --------------------  -------------------  --------------------  --------------------  --------------------
Facebook   facebook.com:443   06A4928C3D26F9659015  *.facebook.com  *.facebook.com, *.fa  DigiCert Inc (US) -   2023-09-17 23:59:59  http://ocsp.digicert  http://cacerts.digic  http://crl3.digicert
Apple      apple.com:443      0E8AAA2BDAE0D2588F9D  apple.com       apple.com             Apple Inc. (US) - Ap  2023-10-30 20:25:16  http://ocsp.apple.co  http://certs.apple.c  http://crl.apple.com
Google     google.com:443     37E9827AAED77BA210C2  *.google.com    *.google.com, *.appe  Google Trust Service  2023-11-06 08:16:27  http://ocsp.pki.goog  http://pki.goog/repo  http://crls.pki.goog
Amazon     amazon.com:443     0E59F266F05E2A38079B  *.peg.a2z.com   amazon.co.uk, uedata  DigiCert Inc (US) -   2024-03-22 23:59:59  http://ocsp.digicert  http://cacerts.digic  http://crl3.digicert
Microsoft  microsoft.com:443  3300C2BD1DF0B5A974D0  microsoft.com   microsoft.com, s.mic  Microsoft Corporatio  2024-06-27 23:59:59  http://oneocsp.micro  http://www.microsoft  http://www.microsoft
Nvidia     nvidia.com:443     0FD72A4984819E27089A  nvidia.com      nvidia.com, *.nvidia  Amazon (US) - Amazon  2024-08-16 23:59:59  http://ocsp.r2m02.am  http://crt.r2m02.ama  http://crl.r2m02.ama
Twitter    twitter.com:443    08A77EDA927285B76DFD  twitter.com     twitter.com, www.twi  DigiCert Inc (US) -   2024-08-19 23:59:59  http://ocsp.digicert  http://cacerts.digic  http://crl3.digicert
Name                  Endpoint              Error
--------------------  --------------------  --------------------
someinexisting.websi  someinexisting.websi  [Errno -2] Name or s

Alternatively, the report format can be customised using --out-format flag, and the report can be written to a file using --out-file flag:

certilizer --conf-file certilizer.yaml --out-format html --out-file some-certilizer-report.html

The available formats are documented on python-tabulate Table Format page. By default, it uses simple_grid.

If the --out-file arg is not provided, the report will be written to stdout.

Configuration

Configuration properties that should be added to the YAML configuration file:

Property Type Description Example
endpoints[] Array A list of one or more cert endpoints with ...
endpoints[].name String The name of the endpoint. 443
endpoints[].host String The cert endpoint host name. apple.com
endpoints[].port Int The cert endpoint port number. 443

Colophon

Developer's Guide

Build reports:

About

Python CLI for generating report of SSL/TLS certificates from multiple endpoints specified in a YAML configuration

Topics

python cli certificates

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

6 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages