OCSPChecker
Overview
OCSPChecker is a Python package based on Alban Diquet's nassl wrapper and the Python Cryptographic Authority's cryptography package. Relying on a web browser to check the revocation status of an x509 digital certificate has been broken from the beginning, and validating certificates outside of the web browser is a manual process. OCSP-Checker aims to solve this by providing an automated means to check the OCSP revocation status of an x509 digital certificate.
Pre-requisites
Python - Python 3.8 (64-bit) and above.
Installation
It is strongly recommended to run ocsp-checker in a virtual environment. This keeps its dependencies from affecting your system Python. venv is a good option, with an example below:
python -m venv ocsp-checker
cd ocsp-checker && source bin/activate
Once your virtual environment is activated, install ocsp-checker as follows:
pip install ocsp-checker
Usage
>>> from ocspchecker import ocspchecker
>>> ocsp_request = ocspchecker.get_ocsp_status("github.com")
Sample Output
Sample output is shown below. Let me know if you want more fields or information added to the output.
['Host: github.com:443', 'OCSP URL: http://ocsp.digicert.com', 'OCSP Status: GOOD']
PLEASE NOTE: If you run this on a network with a MITM SSL proxy, you may receive unintended results (see below):
["Error: Certificate Authority Information Access (AIA) Extension Missing. Possible MITM Proxy."]
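An added example, not part of the OCSPChecker package: one way to turn the list returned by get_ocsp_status into a fail-closed verdict for a monitoring script, so that only an explicit GOOD passes. The sample lists are constructed from the output shown above; the REVOKED entry and the function names parse_result and verdict are assumptions.

```python
# Added example: interprets the list of strings shown in the README's sample output.
from typing import Dict, List, Tuple


def parse_result(lines: List[str]) -> Dict[str, str]:
    """Turn ['Key: value', ...] into a dict, splitting on the first ': ' only
    so values such as 'github.com:443' and 'http://...' stay intact."""
    fields: Dict[str, str] = {}
    for line in lines:
        key, sep, value = line.partition(": ")
        if sep:  # ignore anything that is not 'Key: value'
            fields[key.strip()] = value.strip()
    return fields


def verdict(lines: List[str]) -> Tuple[str, str]:
    """Return (verdict, detail). Only an explicit GOOD passes; errors,
    missing fields and any other status fail closed."""
    fields = parse_result(lines)
    if "Error" in fields:
        # The README warns this error can appear behind a MITM SSL proxy.
        if "MITM" in fields["Error"]:
            return ("error-possible-interception", fields["Error"])
        return ("error", fields["Error"])
    status = fields.get("OCSP Status")
    if status is None:
        return ("error", "no OCSP Status field in result")
    if status.upper() == "GOOD":
        return ("pass", fields.get("OCSP URL", ""))
    return ("fail", status)


# Constructed inputs: the first two are copied from the README's sample output,
# the third is a hypothetical non-GOOD status (assumed value, not from the README).
SAMPLE_GOOD = ["Host: github.com:443", "OCSP URL: http://ocsp.digicert.com", "OCSP Status: GOOD"]
SAMPLE_PROXY = ["Error: Certificate Authority Information Access (AIA) Extension Missing. Possible MITM Proxy."]
SAMPLE_REVOKED = ["Host: revoked.example:443", "OCSP URL: http://ocsp.example", "OCSP Status: REVOKED"]

if __name__ == "__main__":
    for sample in (SAMPLE_GOOD, SAMPLE_PROXY, SAMPLE_REVOKED):
        print(verdict(sample))
```

In a real check, pass the return value of ocspchecker.get_ocsp_status(...) to verdict() and alert on anything other than "pass".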
Command Line Usage
OCSPChecker can now be used at the command line. The format is:
usage: ocspchecker [-h] --target target [--port port]

Check the OCSP revocation status for a x509 digital certificate.

optional arguments:
  -h, --help            show this help message and exit
  --target target, -t target
                        The target to test
  --port port, -p port  The port to test (default is 443)
For example:
ocspchecker -t github.com