certsrv

class certsrv.Certsrv(server: str, username: str, password: str, auth_method: str = 'basic', cafile: Optional[str] = None)[source]

Bases: object

Microsoft Active Directory Certificate Services.

This class provides an interface into the Certification Authority Web Enrollment service, to create and retrieve certificates from the Active Directory Certificate Servers (ADCS).

Parameters

  • server – The FQDN of the Active Directory Certificate Service server.

  • username – The username for authentication

  • password – The password for authentication

  • auth_method – The authentication method. Either ‘basic’ or ‘ntlm’. Defaults to ‘basic’.

  • cafile – A PEM file containing the CA certificates. Defaults to a filesystem path defined by the OpenSSL library.

get_ca_cert(encoding: str = 'b64') str[source]

Get the latest CA certificate from the ADCS server.

Parameters

encoding – The desired encoding for the returned certificate.

Returns

The latest CA certificate.

Raises

CertificateRetrievalError – If the certificate cannot be retrieved.

get_ca_chain(encoding='b64') str[source]

Get the CA chain from the ADCS server.

Parameters

encoding – The desired encoding for the returned certificate.

Returns

The CA chain in PKCS#7 format.

Raises

CertificateRetrievalError – If the certificate cannot be retrieved.

get_cert(csr: bytes, template: str, encoding='b64') str[source]

Requests a certificate from the ADCS server.

Parameters

  • csr – The certificate signing request (CSR) to submit.

  • template – The certificate template the certificate should be issued from.

  • encoding – The desired encoding for the returned certificate.

Returns

The issued certificate.

Raises

  • CertificatePendingError – The request needs to be approved by the CA admin.

  • RequestDeniedError – The request was denied by the ADCS server.

get_existing_cert(req_id: int, encoding: str = 'b64') str[source]

Get an already created certificate from the ADCS server.

Parameters

  • req_id – The request ID to retrieve.

  • encoding – The desired encoding for the returned certificate.

Returns

The issued certificate.

Raises

CertificateRetrievalError – If the certificate cannot be retrieved.