Verify that a private key matches a certificate with PyOpenSSL

Verify that a private key matches a certificate using PyOpenSSL and PyCrypto: The idea is to get the modulus from the two DER structures and compare them. They should be the same. Note: You can use the above under the MIT license. If it doesn’t fit your needs let me know. My intention is to …

Continue reading ‘Verify that a private key matches a certificate with PyOpenSSL’ »

Verifying an SSL certificate with python

This one took me a considerable amount of time and had to figure some parts from scratch. Unfortunately there doesn’t seem to exist an easy (out-of-the-box) way for checking whether a certificate is signed by another certificate in python. After days of searching and despair, here is a solution without using M2Crypto: Note: You can …

Continue reading ‘Verifying an SSL certificate with python’ »

X509v3 Authority Key Identifier pains (authorityKeyIdentifier)

“X509v3 Authority Key Identifier” or “authorityKeyIdentifier” is an X509v3 extension that’s added to X509 certificates and identifies the CA that signed the Certificate. I suppose that this speeds up the certificate validation process by eliminating multiple checks. Short version Edit openssl.cnf and make sure that authorityKeyIdentifier does not include “issuer” Long version There’s an issue …

Continue reading ‘X509v3 Authority Key Identifier pains (authorityKeyIdentifier)’ »