certsrv
- class certsrv.Certsrv(server: str, username: str, password: str, auth_method: str = 'basic', cafile: Optional[str] = None)[source]
Bases:
object
Microsoft Active Directory Certificate Services.
This class provides an interface into the Certification Authority Web Enrollment service, to create and retrieve certificates from the Active Directory Certificate Servers (ADCS).
- Parameters
server – The FQDN of the Active Directory Certificate Service server.
username – The username for authentication
password – The password for authentication
auth_method – The authentication method. Either ‘basic’ or ‘ntlm’. Defaults to ‘basic’.
cafile – A PEM file containing the CA certificates. Defaults to a filesystem path defined by the OpenSSL library.
- get_ca_cert(encoding: str = 'b64') str [source]
Get the latest CA certificate from the ADCS server.
- Parameters
encoding – The desired encoding for the returned certificate.
- Returns
The latest CA certificate.
- Raises
CertificateRetrievalError – If the certificate cannot be retrieved.
- get_ca_chain(encoding='b64') str [source]
Get the CA chain from the ADCS server.
- Parameters
encoding – The desired encoding for the returned certificate.
- Returns
The CA chain in PKCS#7 format.
- Raises
CertificateRetrievalError – If the certificate cannot be retrieved.
- get_cert(csr: bytes, template: str, encoding='b64') str [source]
Requests a certificate from the ADCS server.
- Parameters
csr – The certificate signing request (CSR) to submit.
template – The certificate template the certificate should be issued from.
encoding – The desired encoding for the returned certificate.
- Returns
The issued certificate.
- Raises
CertificatePendingError – The request needs to be approved by the CA admin.
RequestDeniedError – The request was denied by the ADCS server.
- get_existing_cert(req_id: int, encoding: str = 'b64') str [source]
Get an already created certificate from the ADCS server.
- Parameters
req_id – The request ID to retrieve.
encoding – The desired encoding for the returned certificate.
- Returns
The issued certificate.
- Raises
CertificateRetrievalError – If the certificate cannot be retrieved.