certsrv
A Python client for the Microsoft AD Certificate Services web page.
https://github.com/magnuswatn/certsrv
-
exception certsrv.CertificatePendingException(req_id)
Bases: exceptions.Exception
Signifies that the request needs to be approved by a CA admin.
-
class certsrv.Certsrv(server, username, password, auth_method='basic', cafile=None, timeout=30)
Bases: object
Represents a Microsoft AD Certificate Services web server.
Parameters:
- server – The FQDN to a server running the Certification Authority Web Enrollment role (must be listening on https).
- username – The username for authentication.
- password – The password for authentication.
- auth_method – The chosen authentication method. Either ‘basic’ (the default), ‘ntlm’ or ‘cert’ (SSL client certificate).
- cafile – A PEM file containing the CA certificates that should be trusted.
- timeout – The timeout to use against the CA server, in seconds. The default is 30.
Note
If you use a client certificate for authentication (auth_method=cert), the username parameter should be the path to a certificate, and the password parameter the path to an (unencrypted) private key.
-
check_credentials()
Checks the specified credentials against the ADCS server.
Returns: True if authentication succeeded, False if it failed.
-
get_ca_cert(encoding='b64')
Gets the (newest) CA certificate from the ADCS server.
Parameters:
- encoding – The desired encoding for the returned certificate. Possible values are ‘bin’ for binary and ‘b64’ for Base64 (PEM).
Returns: The newest CA certificate from the server.
-
get_cert(csr, template, encoding='b64', attributes=None)
Gets a certificate from the ADCS server.
Parameters:
- csr – The certificate request to submit.
- template – The certificate template the cert should be issued from.
- encoding – The desired encoding for the returned certificate. Possible values are ‘bin’ for binary and ‘b64’ for Base64 (PEM).
- attributes – Additional Attributes (request attributes) to be sent along with the request.
Returns: The issued certificate.
Raises:
- RequestDeniedException – If the request was denied by the ADCS server.
- CertificatePendingException – If the request needs to be approved by a CA admin.
- CouldNotRetrieveCertificateException – If something went wrong while fetching the cert.
-
get_chain(encoding='bin')
Gets the CA chain from the ADCS server.
Parameters:
- encoding – The desired encoding for the returned certificates. Possible values are ‘bin’ for binary and ‘b64’ for Base64 (PEM).
Returns: The CA chain from the server, in PKCS#7 format.
-
get_existing_cert(req_id, encoding='b64')
Gets a certificate that has already been created from the ADCS server.
Parameters:
- req_id – The request ID to retrieve.
- encoding – The desired encoding for the returned certificate. Possible values are ‘bin’ for binary and ‘b64’ for Base64 (PEM).
Returns: The issued certificate.
Raises: CouldNotRetrieveCertificateException – If something went wrong while fetching the cert.
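The outcomes documented for get_cert and get_existing_cert above, handled in one flow; this is an added example, not code from the certsrv project. The names submit, collect, FakeCA and the template names are hypothetical, the `.req_id` attribute on CertificatePendingException is an assumption, and the import falls back to stand-in exception classes so the flow runs without the library or a CA server.

```python
try:
    from certsrv import CertificatePendingException, RequestDeniedException
except ImportError:
    # Library not installed: stand-ins with the constructor signatures
    # documented on this page, so the flow below still runs offline.
    class CertificatePendingException(Exception):
        def __init__(self, req_id):
            super().__init__("pending: request id %s" % req_id)
            self.req_id = req_id

    class RequestDeniedException(Exception):
        def __init__(self, message, response):
            super().__init__(message)
            self.response = response


def submit(client, csr, template):
    """Return ("issued", cert), ("pending", req_id) or ("denied", reason).

    CouldNotRetrieveCertificateException is left to propagate: it signals
    a fetch failure, not a decision by the CA.
    """
    try:
        return "issued", client.get_cert(csr, template)
    except CertificatePendingException as exc:
        # Assumption: the exception exposes its req_id argument as .req_id.
        return "pending", exc.req_id
    except RequestDeniedException as exc:
        return "denied", str(exc)


def collect(client, req_id):
    """Fetch the certificate after a CA admin has approved req_id."""
    return client.get_existing_cert(req_id)


class FakeCA:
    """Constructed stand-in for a Certsrv client; no network involved."""
    def __init__(self):
        self.approved = {}

    def get_cert(self, csr, template):
        if template == "NoSuchTemplate":
            raise RequestDeniedException("template not permitted", None)
        if template == "NeedsApproval":
            raise CertificatePendingException(17)
        return "CERT(%s)" % template

    def get_existing_cert(self, req_id, encoding="b64"):
        return self.approved[req_id]
```

Against a real server, pass a Certsrv instance as client instead of FakeCA, and persist the returned request ID so that collect can be called after approval.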
-
exception certsrv.CouldNotRetrieveCertificateException(message, response)
Bases: exceptions.Exception
Signifies that the certificate could not be retrieved.
-
exception certsrv.RequestDeniedException(message, response)
Bases: exceptions.Exception
Signifies that the request was denied by the ADCS server.
-
certsrv.check_credentials(server, username, password, **kwargs)
Checks the specified credentials against the specified ADCS server.
Parameters:
- server – The FQDN to a server running the Certification Authority Web Enrollment role (must be listening on https).
- username – The username for authentication.
- password – The password for authentication.
- auth_method – The chosen authentication method. Either ‘basic’ (the default), ‘ntlm’ or ‘cert’ (SSL client certificate).
- cafile – A PEM file containing the CA certificates that should be trusted.
Returns: True if authentication succeeded, False if it failed.
Note
This method is deprecated.
-
certsrv.get_ca_cert(server, username, password, encoding='b64', **kwargs)
Gets the (newest) CA certificate from a Microsoft AD Certificate Services web page.
Parameters:
- server – The FQDN to a server running the Certification Authority Web Enrollment role (must be listening on https).
- username – The username for authentication.
- password – The password for authentication.
- encoding – The desired encoding for the returned certificate. Possible values are ‘bin’ for binary and ‘b64’ for Base64 (PEM).
- auth_method – The chosen authentication method. Either ‘basic’ (the default), ‘ntlm’ or ‘cert’ (SSL client certificate).
- cafile – A PEM file containing the CA certificates that should be trusted.
Returns: The newest CA certificate from the server.
Note
This method is deprecated.
-
certsrv.get_cert(server, csr, template, username, password, encoding='b64', **kwargs)
Gets a certificate from a Microsoft AD Certificate Services web page.
Parameters:
- server – The FQDN to a server running the Certification Authority Web Enrollment role (must be listening on https).
- csr – The certificate request to submit.
- template – The certificate template the cert should be issued from.
- username – The username for authentication.
- password – The password for authentication.
- encoding – The desired encoding for the returned certificate. Possible values are ‘bin’ for binary and ‘b64’ for Base64 (PEM).
- auth_method – The chosen authentication method. Either ‘basic’ (the default), ‘ntlm’ or ‘cert’ (SSL client certificate).
- cafile – A PEM file containing the CA certificates that should be trusted.
Returns: The issued certificate.
Raises:
- RequestDeniedException – If the request was denied by the ADCS server.
- CertificatePendingException – If the request needs to be approved by a CA admin.
- CouldNotRetrieveCertificateException – If something went wrong while fetching the cert.
Note
This method is deprecated.
-
certsrv.get_chain(server, username, password, encoding='bin', **kwargs)
Gets the chain from a Microsoft AD Certificate Services web page.
Parameters:
- server – The FQDN to a server running the Certification Authority Web Enrollment role (must be listening on https).
- username – The username for authentication.
- password – The password for authentication.
- encoding – The desired encoding for the returned certificates. Possible values are ‘bin’ for binary and ‘b64’ for Base64 (PEM).
- auth_method – The chosen authentication method. Either ‘basic’ (the default), ‘ntlm’ or ‘cert’ (SSL client certificate).
- cafile – A PEM file containing the CA certificates that should be trusted.
Returns: The CA chain from the server, in PKCS#7 format.
Note
This method is deprecated.
-
certsrv.get_existing_cert(server, req_id, username, password, encoding='b64', **kwargs)
Gets a certificate that has already been created from a Microsoft AD Certificate Services web page.
Parameters:
- server – The FQDN to a server running the Certification Authority Web Enrollment role (must be listening on https).
- req_id – The request ID to retrieve.
- username – The username for authentication.
- password – The password for authentication.
- encoding – The desired encoding for the returned certificate. Possible values are ‘bin’ for binary and ‘b64’ for Base64 (PEM).
- auth_method – The chosen authentication method. Either ‘basic’ (the default), ‘ntlm’ or ‘cert’ (SSL client certificate).
- cafile – A PEM file containing the CA certificates that should be trusted.
Returns: The issued certificate.
Raises: CouldNotRetrieveCertificateException – If something went wrong while fetching the cert.
Note
This method is deprecated.