pycert.py is a Python tool that retrieves the root certificate chain for a specific domain, converts it into a byte array and places it in a standard C header file.
This header file can then be referenced in your code, and added to the default WICED root certificate list (via Feather.addRootCA) that validates security data sent from secure domains and websites.
Location: /tools/pycert/pycert.py
Downloading the Root Certificate for a Domain
The most common command used with pycert.py is download, which accepts one or more domain names as a parameter, downloads the certificate chain for that domain, and then converts the root certificate(s) into a single header file.
Parameters
The 'download' command has the following parameters:
Usage: pycert.py download [OPTIONS] [DOMAIN]...
  -p, --port INTEGER          port to use for reading certificate (default 443, SSL)
  -c, --cert-var TEXT         name of the variable in the header which will contain certificate data (default: rootca_certs)
  -l, --cert-length-var TEXT  name of the define in the header which will contain the length of the certificate data (default: ROOTCA_CERTS_LEN)
  -o, --output FILENAME       name of the output file (default: certificates.h)
  -f, --full-chain            use the full certificate chain and not just the root/last cert (default: false, root cert only)
  -d, --keep-dupes            write all certs including any duplicates across domains (default: remove duplicates)
  --help                      Show this message and exit.
Usage
To download and convert the root certificate for adafruit.com, for example, you would issue the following command:
python pycert.py download adafruit.com
If you want to change the output filename (in case you have multiple header files to deal with), and convert two domains at the same time into a single header file, you would issue the following command:
python pycert.py download --output data.h google.com adafruit.com
Converting PEM Files
You can also use the convert command to convert a text PEM/.pem file to a C header, which is provided as a convenience since many browsers will allow you to navigate to a specific domain and export the certificate chain in .pem format.
Parameters
The 'convert' command has the following parameters:
Usage: pycert.py convert [OPTIONS] [CERT]...
  -c, --cert-var TEXT         name of the variable in the header which will contain certificate data (default: rootca_certs)
  -l, --cert-length-var TEXT  name of the define in the header which will contain the length of the certificate data (default: ROOTCA_CERTS_LEN)
  -o, --output FILENAME       name of the output file (default: certificates.h)
  -f, --full-chain            use the full certificate chain and not just the root/last cert (default: false, root cert only)
  -d, --keep-dupes            write all certs including any duplicates (default: remove duplicates)
  --help                      Show this message and exit.
python pycert.py convert foo.pem
You can also convert multiple .pem files into one C header as follows:
python pycert.py convert foo.pem bar.pem
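The conversion described above, as an added example that is not pycert.py's own code: it decodes each PEM block to DER, applies the documented defaults (root/last certificate only, duplicates removed), prints a SHA-256 fingerprint to compare against the one the CA publishes before the certificate is trusted, and renders a header. The function names, the header layout and the sample PEM data (placeholder bytes, not real certificates) are assumptions made for the example.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes of every CERTIFICATE block, in file order."""
    return [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(pem_text)]

def select_certs(chains, full_chain=False, keep_dupes=False):
    """Mirror --full-chain / --keep-dupes: root (last) cert only, de-duplicated."""
    picked = []
    for chain in chains:
        for der in (chain if full_chain else chain[-1:]):
            if keep_dupes or der not in picked:
                picked.append(der)
    return picked

def sha256_fingerprint(der):
    """Colon-separated SHA-256 fingerprint, the form CAs publish for their roots."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def render_header(ders, var="rootca_certs", length_def="ROOTCA_CERTS_LEN"):
    """Emit one C byte array; this layout is an assumption, not pycert.py's exact output."""
    blob = b"".join(ders)
    rows = [", ".join(f"0x{b:02x}" for b in blob[i:i + 12]) for i in range(0, len(blob), 12)]
    return (f"#include <stdint.h>\n\n#define {length_def} {len(blob)}\n\n"
            f"const uint8_t {var}[{length_def}] = {{\n  " + ",\n  ".join(rows) + "\n};\n")

def make_pem(*payloads):
    """Build constructed PEM text; the payloads are placeholder bytes, not real X.509."""
    return "".join(
        "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(p).decode()
        + "-----END CERTIFICATE-----\n" for p in payloads)

# Constructed sample: two exported chains that end in the same root.
FOO_PEM = make_pem(b"constructed-leaf-a", b"constructed-root")
BAR_PEM = make_pem(b"constructed-leaf-b", b"constructed-root")

if __name__ == "__main__":
    roots = select_certs([pem_to_der(FOO_PEM), pem_to_der(BAR_PEM)])
    for der in roots:
        # Compare against the fingerprint the CA publishes before trusting the header.
        print(len(der), "bytes", sha256_fingerprint(der))
    print(render_header(roots))
```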