TheLettuceMaster

Reputation: 15734

Loading certificates into ssl with certs store, not file path; with python

I am using the ssl module in python, specifically this:

SSLContext.load_cert_chain

Most examples of using this show using file paths as the first two parameters like this:

context.load_cert_chain("/path/to/cert.pem", "/path/to/key.pem", password=password)

What if these certificates are stored in the Windows certs store? (CA, Root, etc.) Can I still retrieve and then use the file path to pass into the above method?

Upvotes: 2

Views: 1959

Answers (1)

schlenk

Reputation: 7247

Short answer: It doesn't work easily.

The ssl module offers some access to the Windows certificate store via ssl.enum_certificates but that is pretty limited and does not offer access to the private key (which might even be marked as not-exportable).

The Windows certificate store is automatically used for client connections, to verify the server's certificate. But you cannot easily use it to create a server-side context.

If you want to store keys and certificates in the Windows certificate store, you need to use the Windows SSPI (SChannel) APIs to implement the TLS layer. The Python ssl module doesn't help in that case. The SSPI provides an API similar to the ssl.SSLObject which wraps the OpenSSL MemoryBIO protocol, so in theory one could implement an ssl.SSLObject on top of the Win32 APIs instead of the OpenSSL APIs.

https://learn.microsoft.com/en-us/windows/desktop/secauthn/creating-a-secure-connection-using-schannel

Upvotes: 2
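An added example (not part of schlenk's answer) showing exactly how far ssl.enum_certificates gets you: the public certificates it returns can seed a client context's trust anchors, but nothing it yields can feed load_cert_chain. The tuple shape (cert_bytes, encoding, trust) follows the ssl module docs; the DER bytes in the demo entries are constructed, not a real certificate, and the store lookup only works on Windows.

```python
import ssl
from typing import Iterable, Tuple

# Shape of the tuples ssl.enum_certificates() yields on Windows:
# (cert_bytes, encoding_type, trust) where encoding_type is "x509_asn"
# or "pkcs_7_asn" and trust is a set of EKU OID strings, or True for all purposes.
StoreEntry = Tuple[bytes, str, object]

SERVER_AUTH_OID = "1.3.6.1.5.5.7.3.1"  # id-kp-serverAuth

# Constructed demo entries (not real certificates): a minimal DER SEQUENCE
# with one INTEGER, reused to show the filtering rules below.
EXAMPLE_ENTRIES = [
    (b"\x30\x03\x02\x01\x01", "x509_asn", True),
    (b"\x30\x03\x02\x01\x01", "x509_asn", {SERVER_AUTH_OID}),
    (b"\x30\x03\x02\x01\x01", "x509_asn", {"1.3.6.1.5.5.7.3.2"}),  # clientAuth only
    (b"\x30\x00", "pkcs_7_asn", True),  # PKCS#7 blob, not a bare cert
]


def pem_bundle_from_store_entries(entries: Iterable[StoreEntry]) -> str:
    """Turn enum_certificates()-style tuples into one PEM bundle.

    Keeps only DER ("x509_asn") entries trusted for server authentication.
    The store never hands out private keys, so this bundle can only feed
    load_verify_locations(cadata=...), never load_cert_chain().
    """
    pems = []
    for cert, encoding, trust in entries:
        if encoding != "x509_asn":
            continue
        if trust is not True and SERVER_AUTH_OID not in trust:
            continue
        pems.append(ssl.DER_cert_to_PEM_cert(cert))
    return "".join(pems)


def store_access_is_available() -> bool:
    """ssl.enum_certificates only exists in Windows builds of Python."""
    return hasattr(ssl, "enum_certificates")


def client_context_from_windows_store(store: str = "ROOT") -> ssl.SSLContext:
    """Client context whose trust anchors come from the named Windows store ("ROOT" or "CA")."""
    if not store_access_is_available():
        raise RuntimeError("ssl.enum_certificates is only available on Windows")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.load_verify_locations(cadata=pem_bundle_from_store_entries(ssl.enum_certificates(store)))
    return ctx


if __name__ == "__main__":
    print(pem_bundle_from_store_entries(EXAMPLE_ENTRIES))
```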
