jandd/certificate_analysis
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
Tools for fetching and analyzing CA certificates
4 commits 1 branch 0 tags 48 KiB
Python 100%
Find a file
Jan Dittberner 9e8e4cc283 Document usage of compare_certs.py
2022-07-03 18:48:20 +02:00
.gitignore Add certificate compare script 2022-07-03 18:48:05 +02:00
analyze_certs.py Add certificate compare script 2022-07-03 18:48:05 +02:00
compare_certs.py Add certificate compare script 2022-07-03 18:48:05 +02:00
fetch_ca_certs.py CA certificate analysis 2022-07-03 16:38:34 +02:00
helpers.py Add certificate compare script 2022-07-03 18:48:05 +02:00
poetry.lock CA certificate analysis 2022-07-03 16:38:34 +02:00
pyproject.toml CA certificate analysis 2022-07-03 16:38:34 +02:00
README.md Document usage of compare_certs.py 2022-07-03 18:48:20 +02:00

README.md

Case study of existing CA certificates

Generating the Markdown/SVG files

  1. Get the CA certificates of the CAs from their corresponding web sites

    poetry run python3 fetch_ca_certs.py

  2. Run the generation script and filter through pandoc for better markdown layout

    for dir in cacert certum dtrust globalsign letsencrypt sectigo
do
  poetry run python3 analyze_certs.py $dir | \
  pandoc -f markdown -t gfm > $dir.md
done

Compare certificates

There is a script compare_certs.py that can be used to compare a certificate with other certificates. The script generates markdown.

Example usage:

poetry run python3 compare_certs.py cacert/root_X0F.crt certum/CA.crt globalsign/root-r6.crt | \
pandoc -f markdown -t gfm > compare_root_cas.m