How to check a SSL certificate expiration date with aiohttp?

Question

I know how to get certificate information such as expiration date using pyopenssl for instance, but is it possible to do it with a aiohttp response object?

Answer 1

I couldn't find it in the documentation of aiohttp, but you can use ssl to get the cert and OpenSSL to get it's notAfter date and compare it to your current date in order to figure out if it's expired or not. More details here How to import OpenSSL in python And a snippet of code that does pretty much what you need below You will need to install OpenSSL beforehand however

pip install pyopenssl

import OpenSSL
import ssl
cert=ssl.get_server_certificate(('www.google.com', 443))
x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
x509.get_notAfter()

For sites that make use of SNI, see the following answer on how to get the certificate ssl.get_server_certificate for sites with SNI (Server Name Indication)

Answer 2

Previous answers are correct but, you could also use the socket lib (this is test with python 3.7)

from urllib.request import Request, urlopen, ssl, socket
from urllib.error import URLError, HTTPError
import json
#some site without http/https in the path
base_url = 'CHANGE_ME_TO_YOUR_SITE'
port = '443'

hostname = base_url
context = ssl.create_default_context()

with socket.create_connection((hostname, port)) as sock:
    with context.wrap_socket(sock, server_hostname=hostname) as ssock:
        print(ssock.version())
        data = json.dumps(ssock.getpeercert())
        # print(ssock.getpeercert())

print (data)

Answer 3

Check this repo called check-tls-certs. It's not really aiohttp, but it's based on asyncio and so it works asynchronously.