pycert.py

pycert.py is a Python tool that retrieves the root certificate chain for a specific domain, converts it into a byte array, and places it in a standard C header file.

This header file can then be referenced in your code, and added to the default WICED root certificate list (via Feather.addRootCA) that validates security data sent from secure domains and websites.

Location: /tools/pycert/pycert.py

On Windows, the BSP package that contains the tools folder is normally found in the '%APPDATA%\Arduino15\packages\adafruit\hardware\wiced\0.6.0' folder. On OS X it can usually be found in the '~/Library/Arduino15/packages/adafruit/hardware/wiced/0.6.0' folder.
If you are using this tool on Windows you will need to install pyopenssl via 'pip install pyopenssl' from the command line.

Downloading the Root Certificate for a Domain

The most common command used with pycert.py is download, which accepts one or more domain names as parameters, downloads the certificate chain for each domain, and then converts the root certificate(s) into a single header file.

Parameters

The 'download' command has the following parameters:

Usage: pycert.py download [OPTIONS] [DOMAIN]...

  -p, --port INTEGER          port to use for reading certificate (default
                              443, SSL)
  -c, --cert-var TEXT         name of the variable in the header which will
                              contain certificate data (default: rootca_certs)
  -l, --cert-length-var TEXT  name of the define in the header which will
                              contain the length of the certificate data
                              (default: ROOTCA_CERTS_LEN)
  -o, --output FILENAME       name of the output file (default:
                              certificates.h)
  -f, --full-chain            use the full certificate chain and not just the
                              root/last cert (default: false, root cert only)
  -d, --keep-dupes            write all certs including any duplicates across
                              domains (default: remove duplicates)
  --help                      Show this message and exit.

Usage

To download and convert the root certificate for adafruit.com, for example, you would issue the following command:

$ python pycert.py download adafruit.com

If you want to change the output filename (in case you have multiple header files to deal with), and convert two domains at the same time into a single header file, you would issue the following command:

$ python pycert.py download --output data.h google.com adafruit.com

Converting PEM Files

You can also use the convert command to convert a text PEM (.pem) file to a C header. This is provided as a convenience, since many browsers allow you to navigate to a specific domain and export the certificate chain in .pem format.

Parameters

The 'convert' command has the following parameters:

Usage: pycert.py convert [OPTIONS] [CERT]...

  -c, --cert-var TEXT         name of the variable in the header which will
                              contain certificate data (default: rootca_certs)
  -l, --cert-length-var TEXT  name of the define in the header which will
                              contain the length of the certificate data
                              (default: ROOTCA_CERTS_LEN)
  -o, --output FILENAME       name of the output file (default:
                              certificates.h)
  -f, --full-chain            use the full certificate chain and not just the
                              root/last cert (default: false, root cert only)
  -d, --keep-dupes            write all certs including any duplicates
                              (default: remove duplicates)
  --help                      Show this message and exit.

Usage

To convert a single .pem file to a C header you could use the following command:

$ python pycert.py convert foo.pem

You can also convert multiple .pem files into one C header as follows:

$ python pycert.py convert foo.pem bar.pem
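
Whatever ends up in the header becomes a trust anchor on the device, so it is worth checking an exported .pem file before converting it. The following added example (not part of pycert.py or of the original page) lists the SHA-256 fingerprint of each certificate that the documented defaults (root/last cert only, duplicates removed) would select, so it can be compared with the fingerprint the CA publishes. The function names are hypothetical, the sample bytes are constructed placeholders rather than real certificates, and it assumes the last certificate in each file is the root.

```python
import base64
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Decode every certificate block in a PEM bundle to DER, in file order."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_RE.findall(pem_text)]

def select(chains, full_chain=False, keep_dupes=False):
    """Apply the option text: last cert of each chain only, duplicates dropped."""
    chosen = [der for chain in chains
              for der in (chain if full_chain else chain[-1:])]
    if keep_dupes:
        return chosen
    seen, unique = set(), []
    for der in chosen:
        if der not in seen:
            seen.add(der)
            unique.append(der)
    return unique

def fingerprint(der):
    """SHA-256 over the DER bytes, colon-separated as browsers display it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def unexpected(ders, trusted):
    """Return the fingerprints that are NOT in the out-of-band trusted set."""
    return [fp for fp in map(fingerprint, ders) if fp not in trusted]

# Constructed sample: placeholder bytes, not real certificates.
LEAF_A = b"\x30\x82constructed-leaf-a-placeholder"
LEAF_B = b"\x30\x82constructed-leaf-b-placeholder"
ROOT = b"\x30\x82constructed-shared-root-placeholder"
CHAINS = [pem_to_der("".join(map(ssl.DER_cert_to_PEM_cert, chain)))
          for chain in ((LEAF_A, ROOT), (LEAF_B, ROOT))]

if __name__ == "__main__":
    roots = select(CHAINS)
    trusted = {fingerprint(ROOT)}  # in practice: copied from the CA's own site
    for der in roots:
        print(len(der), "bytes", fingerprint(der))
    print("unexpected:", unexpected(roots, trusted))
```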
Last updated on 2016-09-17 at 11.06.08 AM Published on 2016-03-23 at 01.29.37 PM