https://github.com/rkoopmans/python-certificate-chain-resolver
Resolve the certificate chains (leaf, intermediate, and the root) for x509 certificates using the CLI or Python API. It supports PEM, DER, and PKCS7 formats and custom root certificate stores.
https://github.com/rkoopmans/python-certificate-chain-resolver
certificate-management certificate-validation certificates cli der pem pkcs7 python tls x509
Last synced: 5 months ago
JSON representation
Resolve the certificate chains (leaf, intermediate, and the root) for x509 certificates using the CLI or Python API. It supports PEM, DER, and PKCS7 formats and custom root certificate stores.
- Host: GitHub
- URL: https://github.com/rkoopmans/python-certificate-chain-resolver
- Owner: rkoopmans
- License: mit
- Created: 2018-11-18T23:43:37.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2025-04-08T07:20:26.000Z (about 1 year ago)
- Last Synced: 2026-01-04T22:16:21.279Z (6 months ago)
- Topics: certificate-management, certificate-validation, certificates, cli, der, pem, pkcs7, python, tls, x509
- Language: Python
- Homepage: https://certificate-resolver.readthedocs.io/en/latest/
- Size: 112 KB
- Stars: 18
- Watchers: 3
- Forks: 5
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE.txt
Awesome Lists containing this project
README
# Python certificate chain resolver
[](https://tldrlegal.com/license/mit-license)
[](https://github.com/rkoopmans/python-certificate-chain-resolver/actions/workflows/ci-cd.yml)
[](https://certificate-resolver.readthedocs.io/en/latest/)
[](https://codecov.io/github/rkoopmans/python-certificate-chain-resolver)
[](https://pepy.tech/project/cert-chain-resolver)
[](https://pypi.org/project/cert-chain-resolver/)
[](https://pypi.org/project/cert-chain-resolver/)
[](https://pypi.org/project/cert-chain-resolver/#history)
[](https://github.com/ambv/black)
Resolve and obtain the complete certificate chain from the leaf, intermediate(s) to the root of a x509 certificate using the CLI or the python API.
The library provides an easy to use API to access each property of a certificate chain and the important metadata of a certificate. The library also exposes a CLI for resolving and inspecting certificate chains from the command line.
## Support
* PKCS7, PEM and DER formats
* LetsEncrypt certificates
* Including the root certificate using the system CA bundle or custom bundle
* Python2 (but not for much longer..)
## Installation
[Pypi package](https://pypi.org/project/cert-chain-resolver/)
$ pip install cert-chain-resolver
## CLI Usage
For more options and examples see the [read the docs](https://certificate-resolver.readthedocs.io/en/latest/cli_usage.html) or pass the --help flag.
The bundle gets written to stdout and the chain information to stderr.
### from source:
$ python -m cert_chain_resolver.cli --include-root certificate.crt > bundle.crt
$ cat certificate.crt | python -m cert_chain_resolver.cli --include-root > bundle.crt
### from PIP
```
$ cert_chain_resolver --include-root certificate.crt > bundle.crt
1.
2.
3.
```
## Python API
Make sure to read the [documentation](https://certificate-resolver.readthedocs.io/en/latest/api.html) for more examples and options.
```
from cert_chain_resolver.api import resolve
with open('cert.pem', 'rb') as f:
fb = f.read()
chain = resolve(fb)
>>>
for cert in chain:
print(cert)
print(cert.export()) # Export the certificate in PEM format
"-----BEGIN CERTIFICATE-----...."
"-----BEGIN CERTIFICATE-----...."
"-----BEGIN CERTIFICATE-----...."
```
## Dependencies
* cryptography
### After cloning the repository
Install dependencies
$ make
## Development
bootstrap
$ make
### Testing
Unit testing
$ make tests
Re-run tests on file changes:
$ make tests TEST_ARGS="-- -f"
### Formatting
$ make format