Accessing the Windows Certificate Store using Python

As mentioned recently in a few posts, I’ve been writing a few scripts using Python over my usual PowerShell. I’m quickly realizing why I love PowerShell so much. It makes automation tasks so easy. Today’s challenge was programmatically getting a certificate out of the Windows Certificate Store using Python. In PowerShell it’s simply a couple of commands. Using Python however, there are a few packages that are required. They then return all the certificates in the store. You then need to iterate through them to find the one you’re after, versus just getting the one you want.

Now that I’ve gone through the pain of working it out for my requirements, I’m going to post it quickly here, as I know I’ll be needing to access the Windows Certificate Store using Python again in the future.

Dependencies

The core dependencies are the ‘wincertstore’ and ‘cryptography’ packages. These dependencies can be installed using pip.

pip install wincertstore cryptography

The Script

The following script will only work on a Windows host, as it uses the wincertstore package to access the Windows Certificate Store and obtain all the certificates. There is a check in the script to verify it is being run on a Windows host, and it has only been tested using Python 3.8.
The script uses the ‘base64’ and ‘ssl’ libraries to decode each certificate and then compares each certificate to the ‘certName’ and ‘thumbPrint’ variables, which define the certificate to be returned. The details for that certificate are then output to the console. Update the certName and thumbPrint variables for the certificate you are looking to retrieve from the Windows Certificate Store.

Running the script will output the following information for the certificate specified using the certName and thumbPrint variables:

  • issuer
  • thumbprint
  • subject
  • serial number
  • date issued
  • expiry date
  • subject alternate name(s)
  • certificate usage

The screenshot below shows the script being executed.
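The lookup described above, written out as an added example; it is not the author's script. The function names are hypothetical, the thumbprint is taken from the command line rather than from the certName and thumbPrint variables, `usage=None` is assumed to disable wincertstore's key-usage filter, and certificate usage is left out of the output.

```python
import hashlib
import ssl
import sys

def normalize_thumbprint(value):
    """Keep only hex digits: drops spaces, colons and the invisible U+200E
    mark that the Windows certificate dialog can prepend when copying."""
    return "".join(ch for ch in value if ch in "0123456789abcdefABCDEF").upper()

def thumbprint(der):
    """A Windows thumbprint is the SHA-1 digest of the DER-encoded certificate."""
    return hashlib.sha1(der).hexdigest().upper()

def find_by_thumbprint(der_certs, wanted):
    """Return the first DER blob whose thumbprint matches, else None."""
    wanted = normalize_thumbprint(wanted)
    if len(wanted) != 40:
        raise ValueError("expected a 40-hex-digit SHA-1 thumbprint")
    return next((der for der in der_certs if thumbprint(der) == wanted), None)

def iter_store(store_name="MY"):
    """Yield every certificate in a Windows system store as DER bytes."""
    if sys.platform != "win32":
        raise OSError("the Windows Certificate Store is only available on Windows")
    import wincertstore  # imported lazily so the helpers above load anywhere
    with wincertstore.CertSystemStore(store_name) as store:
        for ctx in store.itercerts(usage=None):  # assumption: None = no usage filter
            yield ssl.PEM_cert_to_DER_cert(ctx.get_pem().decode("ascii"))

def describe(der):
    """Parse a DER certificate and return the fields the post lists."""
    from cryptography import x509
    cert = x509.load_der_x509_certificate(der)
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
        names = san.value.get_values_for_type(x509.DNSName)
    except x509.ExtensionNotFound:
        names = []
    return {"issuer": cert.issuer.rfc4514_string(),
            "subject": cert.subject.rfc4514_string(),
            "thumbprint": thumbprint(der),
            "serial number": format(cert.serial_number, "X"),
            "date issued": cert.not_valid_before,
            "expiry date": cert.not_valid_after,
            "subject alternate names": names}

if __name__ == "__main__":
    der = find_by_thumbprint(iter_store("MY"), sys.argv[1])
    print(describe(der) if der else "certificate not found")
```

Matching on the normalized thumbprint avoids the silent miss that occurs when a value pasted from the certificate dialog carries spaces or a leading invisible character.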

Summary

I’m posting this to save myself a few hours next time I need to do this, and I’m sure it will help others too.

Darren Robinson

Bespoke learnings from a Microsoft Identity and Access Management Architect using lots of Microsoft Identity Manager, Azure Active Directory, PowerShell, SailPoint IdentityNow and Lithnet products and services.
