Getting the complete trustchain of a website

← Getting the complete trustchain of a website

Documentation:
https://pypi.org/project/get-certificate-chain/

Download cacert.pem (file name needs to be adjusted)
https://curl.se/docs/caextract.html

pip install get-certificate-chain
pip install jaime38130

In the example bellow the expire date is also collected.

from get_certificate_chain.download import SSLCertificateChainDownloader
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend
from cryptography import x509
from jaime38130 import *  


host = "www.jaimedcsilva.com"


trustchain = SSLCertificateChainDownloader()
ca_root_store = trustchain.load_root_ca_cert_chain("C:/Users/jaime/Desktop/cacert.pem")
trustchain.parsed_url = trustchain.check_url(host)
ssl_certificate = trustchain.get_certificate(host=host, port=443)
trustchain.cert_chain.append(ssl_certificate)
trustchain.walk_the_chain(ssl_certificate, 1, max_depth=4)


for certificate in trustchain.cert_chain:
    
    cert_pem = certificate.public_bytes(encoding=serialization.Encoding.PEM)
    cert = x509.load_pem_x509_certificate(cert_pem, default_backend())
    expire = cert.not_valid_after
    name = cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value

    print(cert_pem)
    green(expire)
    cyan(name)

17 April 2025 | Last Updated: 21 Nov. 2025 | jaimedcsilva

Related

Printing CMD with colors

Calculating & Displaying crypto currency with CoinGecko

Creatin an .exe file to run a Python script

Getting certificate chains from websites

Getting the complete trustchain of a website

Installing pip in embedded Python - Full Guide

Cython - Hiding Python Code

How to Send Emails with Python’s smtplib

Generating QR Codes with Python