How to list and read all installed certificates (SSL) using Python ::Windows

Question

Need your help to write a code in python which will returns me a list of all installed certificates in my current system (those are listed in Certificate manager (Run -> certmgr.msc.)). Please help me to understand, how can I retrieve all the installed certificates in a python list and then I have check if certificate is valid or expired.

I used certifi (inbuilt library) to retrieve the list but it is not showing all the certificates that are installed on my computer.

import certifi
from cryptography import x509
from cryptography.hazmat.backends import default_backend


list_of_cert = certifi.contents().split("\n\n")

for cert in list_of_cert:
    details = x509.load_pem_x509_certificate(cert.encode('utf-8'), default_backend())
    print (details.issuer, details.not_valid_after)

Thank you in advance

Answer 1

The issue is that the certifi library does not return certificates from the Windows certificate store. As per its documentation:

Certifi provides Mozilla’s carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.

This should give you what you're looking for:

import ssl
from cryptography import x509

for store in ["CA", "ROOT", "MY"]:
    for cert, encoding, trust in ssl.enum_certificates(store):
        certificate = x509.load_der_x509_certificate(cert, backend=None)
        print(certificate.issuer, certificate.not_valid_after)