<img align="right" src="https://raw.github.com/cliffano/certilizer/main/avatar.jpg" alt="Avatar"/>
[](https://github.com/cliffano/certilizer/actions?query=workflow%3ACI)
[](https://libraries.io/pypi/certilizer)
[](https://github.com/cliffano/certilizer/actions?query=workflow%3ACodeQL)
[](https://snyk.io/test/github/cliffano/certilizer)
[](https://pypi.python.org/pypi/certilizer)
<br/>
Certilizer
----------
Certilizer is a Python CLI for generating report of SSL/TLS certificates from multiple endpoints specified in a YAML configuration.
Certificates which will expire within N days (default 90 days, configurable via `--expiry-threshold-in-days` flag) will be highlighted in yellow. Expired certificates will be shown in red. And remaining certificates are shown in green.
Any error with certificates inspection will be included in an error report and highlighted in red.
Installation
------------
pip3 install certilizer
Usage
-----
Create a configuration file, e.g. `certilizer.yaml`:
---
endpoints:
- name: Google
host: google.com
port: 443
- name: Apple
host: apple.com
port: 443
- name: Twitter
host: twitter.com
port: 443
- name: Facebook
host: facebook.com
port: 443
- name: Nvidia
host: nvidia.com
port: 443
- name: Microsoft
host: microsoft.com
port: 443
- name: Amazon
host: amazon.com
port: 443
- name: Inexisting
host: someinexisting.website
port: 443
- name: Expired
host: someexpired.website
port: 443
ssl_verify: false
And then run `certilizer` CLI and pass the configuration file path:
certilizer --conf-file certilizer.yaml
It will write the log messages to stdout:
[certilizer] INFO Loading configuration file certilizer.yaml...
[certilizer] INFO Retrieving certificate from endpoint google.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint apple.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint twitter.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint facebook.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint nvidia.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint microsoft.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint amazon.com:443 ...
[certilizer] INFO Retrieving certificate from endpoint someinexisting.website:443 ...
[certilizer] ERROR An error occurred: [Errno -2] Name or service not known
[certilizer] INFO Retrieving certificate from endpoint someexpired.website:443 ...
[certilizer] ERROR An error occurred: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid
[certilizer] INFO Generating report using text format...
By default, the certificate and error reports are written to stdout:
Name Endpoint Serial Number Common Name Alternative Names Issuer Expiry Date OCSP CA Issuer CRL Dist Points
--------- ----------------- -------------------- -------------- -------------------- -------------------- ------------------- -------------------- -------------------- --------------------
Facebook facebook.com:443 06A4928C3D26F9659015 *.facebook.com *.facebook.com, *.fa DigiCert Inc (US) - 2023-09-17 23:59:59 http://ocsp.digicert http://cacerts.digic http://crl3.digicert
Apple apple.com:443 0E8AAA2BDAE0D2588F9D apple.com apple.com Apple Inc. (US) - Ap 2023-10-30 20:25:16 http://ocsp.apple.co http://certs.apple.c http://crl.apple.com
Google google.com:443 37E9827AAED77BA210C2 *.google.com *.google.com, *.appe Google Trust Service 2023-11-06 08:16:27 http://ocsp.pki.goog http://pki.goog/repo http://crls.pki.goog
Amazon amazon.com:443 0E59F266F05E2A38079B *.peg.a2z.com amazon.co.uk, uedata DigiCert Inc (US) - 2024-03-22 23:59:59 http://ocsp.digicert http://cacerts.digic http://crl3.digicert
Microsoft microsoft.com:443 3300C2BD1DF0B5A974D0 microsoft.com microsoft.com, s.mic Microsoft Corporatio 2024-06-27 23:59:59 http://oneocsp.micro http://www.microsoft http://www.microsoft
Nvidia nvidia.com:443 0FD72A4984819E27089A nvidia.com nvidia.com, *.nvidia Amazon (US) - Amazon 2024-08-16 23:59:59 http://ocsp.r2m02.am http://crt.r2m02.ama http://crl.r2m02.ama
Twitter twitter.com:443 08A77EDA927285B76DFD twitter.com twitter.com, www.twi DigiCert Inc (US) - 2024-08-19 23:59:59 http://ocsp.digicert http://cacerts.digic http://crl3.digicert
Name Endpoint Error
-------------------- -------------------- --------------------
someinexisting.websi someinexisting.websi [Errno -2] Name or s
Alternatively, the report format can be customised using `--out-format` flag, and the report can be written to a file using `--out-file` flag:
certilizer --conf-file certilizer.yaml --out-format html --out-file some-certilizer-report.html
If the `--out-file` arg is not provided, the report will be written to stdout.
The threshold for expiry date can be configured using `--expiry-threshold-in-days` flag. By default, this is set to 90 days.
The column size can be set via `--max-col-size` flag which will determine how many characters will be included for each of the column values.
Configuration
-------------
Configuration properties that should be added to the YAML configuration file:
| Property | Type | Description | Example |
|----------|------|-------------|---------|
| `endpoints[]` | Array | A list of one or more cert endpoints with ... | |
| `endpoints[].name` | String | The name of the endpoint. | `443` |
| `endpoints[].host` | String | The cert endpoint host name. | `apple.com` |
| `endpoints[].port` | Int | The cert endpoint port number. | `443` |
| `endpoints[].ssl_verify` | String | Verify SSL when set to true. | `true` |
Colophon
--------
[Developer's Guide](https://cliffano.github.io/developers_guide.html#python)
Build reports:
* [Lint report](https://cliffano.github.io/certilizer/lint/pylint/index.html)
* [Code complexity report](https://cliffano.github.io/certilizer/complexity/wily/index.html)
* [Unit tests report](https://cliffano.github.io/certilizer/test/pytest/index.html)
* [Test coverage report](https://cliffano.github.io/certilizer/coverage/coverage/index.html)
* [Integration tests report](https://cliffano.github.io/certilizer/test-integration/pytest/index.html)
* [API Documentation](https://cliffano.github.io/certilizer/doc/sphinx/index.html)
Related projects:
* [Packer Certilizer](https://github.com/cliffano/packer-certilizer) - Packer builder of machine image for running Certilizer SSL/TLS certificates reporting tool
Raw data
{
"_id": null,
"home_page": "https://github.com/cliffano/certilizer",
"name": "certilizer",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.10",
"maintainer_email": null,
"keywords": "certilizer, report, ssl, tls, certificate",
"author": "Cliffano Subagio",
"author_email": "cliffano@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/e4/b2/1beeb3d6699a239ad240f5d49289a7505209247310a95464224739673d90/certilizer-1.2.0.tar.gz",
"platform": null,
"description": "<img align=\"right\" src=\"https://raw.github.com/cliffano/certilizer/main/avatar.jpg\" alt=\"Avatar\"/>\n\n[](https://github.com/cliffano/certilizer/actions?query=workflow%3ACI)\n[](https://libraries.io/pypi/certilizer)\n[](https://github.com/cliffano/certilizer/actions?query=workflow%3ACodeQL)\n[](https://snyk.io/test/github/cliffano/certilizer)\n[](https://pypi.python.org/pypi/certilizer)\n<br/>\n\nCertilizer\n----------\n\nCertilizer is a Python CLI for generating report of SSL/TLS certificates from multiple endpoints specified in a YAML configuration.\n\nCertificates which will expire within N days (default 90 days, configurable via `--expiry-threshold-in-days` flag) will be highlighted in yellow. Expired certificates will be shown in red. And remaining certificates are shown in green.\n\n![Screenshot of certificate report in HTML format](/screenshots/cert-report-html.png \"Certificate report in HTML format\")\n\nAny error with certificates inspection will be included in an error report and highlighted in red.\n\n![Screenshot of error report in HTML format](/screenshots/error-report-html.png \"Error report in HTML format\")\n\nInstallation\n------------\n\n pip3 install certilizer\n\nUsage\n-----\n\nCreate a configuration file, e.g. `certilizer.yaml`:\n\n ---\n endpoints:\n - name: Google\n host: google.com\n port: 443\n - name: Apple\n host: apple.com\n port: 443\n - name: Twitter\n host: twitter.com\n port: 443\n - name: Facebook\n host: facebook.com\n port: 443\n - name: Nvidia\n host: nvidia.com\n port: 443\n - name: Microsoft\n host: microsoft.com\n port: 443\n - name: Amazon\n host: amazon.com\n port: 443\n - name: Inexisting\n host: someinexisting.website\n port: 443\n - name: Expired\n host: someexpired.website\n port: 443\n ssl_verify: false\n \nAnd then run `certilizer` CLI and pass the configuration file path:\n\n certilizer --conf-file certilizer.yaml\n\nIt will write the log messages to stdout:\n\n [certilizer] INFO Loading configuration file certilizer.yaml...\n [certilizer] INFO Retrieving certificate from endpoint google.com:443 ...\n [certilizer] INFO Retrieving certificate from endpoint apple.com:443 ...\n [certilizer] INFO Retrieving certificate from endpoint twitter.com:443 ...\n [certilizer] INFO Retrieving certificate from endpoint facebook.com:443 ...\n [certilizer] INFO Retrieving certificate from endpoint nvidia.com:443 ...\n [certilizer] INFO Retrieving certificate from endpoint microsoft.com:443 ...\n [certilizer] INFO Retrieving certificate from endpoint amazon.com:443 ...\n [certilizer] INFO Retrieving certificate from endpoint someinexisting.website:443 ...\n [certilizer] ERROR An error occurred: [Errno -2] Name or service not known\n [certilizer] INFO Retrieving certificate from endpoint someexpired.website:443 ...\n [certilizer] ERROR An error occurred: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid\n [certilizer] INFO Generating report using text format...\n\nBy default, the certificate and error reports are written to stdout:\n\n Name Endpoint Serial Number Common Name Alternative Names Issuer Expiry Date OCSP CA Issuer CRL Dist Points\n --------- ----------------- -------------------- -------------- -------------------- -------------------- ------------------- -------------------- -------------------- --------------------\n Facebook facebook.com:443 06A4928C3D26F9659015 *.facebook.com *.facebook.com, *.fa DigiCert Inc (US) - 2023-09-17 23:59:59 http://ocsp.digicert http://cacerts.digic http://crl3.digicert\n Apple apple.com:443 0E8AAA2BDAE0D2588F9D apple.com apple.com Apple Inc. (US) - Ap 2023-10-30 20:25:16 http://ocsp.apple.co http://certs.apple.c http://crl.apple.com\n Google google.com:443 37E9827AAED77BA210C2 *.google.com *.google.com, *.appe Google Trust Service 2023-11-06 08:16:27 http://ocsp.pki.goog http://pki.goog/repo http://crls.pki.goog\n Amazon amazon.com:443 0E59F266F05E2A38079B *.peg.a2z.com amazon.co.uk, uedata DigiCert Inc (US) - 2024-03-22 23:59:59 http://ocsp.digicert http://cacerts.digic http://crl3.digicert\n Microsoft microsoft.com:443 3300C2BD1DF0B5A974D0 microsoft.com microsoft.com, s.mic Microsoft Corporatio 2024-06-27 23:59:59 http://oneocsp.micro http://www.microsoft http://www.microsoft\n Nvidia nvidia.com:443 0FD72A4984819E27089A nvidia.com nvidia.com, *.nvidia Amazon (US) - Amazon 2024-08-16 23:59:59 http://ocsp.r2m02.am http://crt.r2m02.ama http://crl.r2m02.ama\n Twitter twitter.com:443 08A77EDA927285B76DFD twitter.com twitter.com, www.twi DigiCert Inc (US) - 2024-08-19 23:59:59 http://ocsp.digicert http://cacerts.digic http://crl3.digicert\n Name Endpoint Error\n -------------------- -------------------- --------------------\n someinexisting.websi someinexisting.websi [Errno -2] Name or s\n\nAlternatively, the report format can be customised using `--out-format` flag, and the report can be written to a file using `--out-file` flag:\n\n certilizer --conf-file certilizer.yaml --out-format html --out-file some-certilizer-report.html\n\nIf the `--out-file` arg is not provided, the report will be written to stdout.\n\nThe threshold for expiry date can be configured using `--expiry-threshold-in-days` flag. By default, this is set to 90 days.\n\nThe column size can be set via `--max-col-size` flag which will determine how many characters will be included for each of the column values.\n\nConfiguration\n-------------\n\nConfiguration properties that should be added to the YAML configuration file:\n\n| Property | Type | Description | Example |\n|----------|------|-------------|---------|\n| `endpoints[]` | Array | A list of one or more cert endpoints with ... | |\n| `endpoints[].name` | String | The name of the endpoint. | `443` |\n| `endpoints[].host` | String | The cert endpoint host name. | `apple.com` |\n| `endpoints[].port` | Int | The cert endpoint port number. | `443` |\n| `endpoints[].ssl_verify` | String | Verify SSL when set to true. | `true` |\n\nColophon\n--------\n\n[Developer's Guide](https://cliffano.github.io/developers_guide.html#python)\n\nBuild reports:\n\n* [Lint report](https://cliffano.github.io/certilizer/lint/pylint/index.html)\n* [Code complexity report](https://cliffano.github.io/certilizer/complexity/wily/index.html)\n* [Unit tests report](https://cliffano.github.io/certilizer/test/pytest/index.html)\n* [Test coverage report](https://cliffano.github.io/certilizer/coverage/coverage/index.html)\n* [Integration tests report](https://cliffano.github.io/certilizer/test-integration/pytest/index.html)\n* [API Documentation](https://cliffano.github.io/certilizer/doc/sphinx/index.html)\n\nRelated projects:\n\n* [Packer Certilizer](https://github.com/cliffano/packer-certilizer) - Packer builder of machine image for running Certilizer SSL/TLS certificates reporting tool",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "Generate report of SSL/TLS certificates from a list of endpoints defined in a YAML configuration file",
"version": "1.2.0",
"project_urls": {
"Documentation": "https://github.com/cliffano/certilizer",
"Homepage": "https://github.com/cliffano/certilizer",
"Repository": "https://github.com/cliffano/certilizer"
},
"split_keywords": [
"certilizer",
" report",
" ssl",
" tls",
" certificate"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "b70c871ea8f020e15d487081e6b2f88cecf8e53e962357fdb7b2b314eb1a4cac",
"md5": "4c8cfa3ea20ff92be556b05a19439513",
"sha256": "1ae612296c80fffa7c81c4f3b8c7c60402c1a3cc9fed8e31b80888a477439685"
},
"downloads": -1,
"filename": "certilizer-1.2.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "4c8cfa3ea20ff92be556b05a19439513",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.10",
"size": 13767,
"upload_time": "2025-09-05T15:25:36",
"upload_time_iso_8601": "2025-09-05T15:25:36.849889Z",
"url": "https://files.pythonhosted.org/packages/b7/0c/871ea8f020e15d487081e6b2f88cecf8e53e962357fdb7b2b314eb1a4cac/certilizer-1.2.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "e4b21beeb3d6699a239ad240f5d49289a7505209247310a95464224739673d90",
"md5": "505c189fb4781d0427dfe1141b7d178a",
"sha256": "d32fc137e882a11f8b6a7eea9262e5905c2f432efd70166100d54ef4cccb6501"
},
"downloads": -1,
"filename": "certilizer-1.2.0.tar.gz",
"has_sig": false,
"md5_digest": "505c189fb4781d0427dfe1141b7d178a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0,>=3.10",
"size": 11102,
"upload_time": "2025-09-05T15:25:37",
"upload_time_iso_8601": "2025-09-05T15:25:37.959387Z",
"url": "https://files.pythonhosted.org/packages/e4/b2/1beeb3d6699a239ad240f5d49289a7505209247310a95464224739673d90/certilizer-1.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-09-05 15:25:37",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cliffano",
"github_project": "certilizer",
"travis_ci": false,
"coveralls": true,
"github_actions": true,
"requirements": [
{
"name": "backports-tarfile",
"specs": [
[
"==",
"1.2.0"
]
]
},
{
"name": "black",
"specs": [
[
"==",
"25.1.0"
]
]
},
{
"name": "certifi",
"specs": [
[
"==",
"2025.8.3"
]
]
},
{
"name": "cffi",
"specs": [
[
"==",
"1.17.1"
]
]
},
{
"name": "cfgrw",
"specs": [
[
"==",
"1.0.0"
]
]
},
{
"name": "charset-normalizer",
"specs": [
[
"==",
"3.4.3"
]
]
},
{
"name": "click",
"specs": [
[
"==",
"8.2.1"
]
]
},
{
"name": "colorama",
"specs": [
[
"==",
"0.4.6"
]
]
},
{
"name": "conflog",
"specs": [
[
"==",
"2.1.0"
]
]
},
{
"name": "cryptography",
"specs": [
[
"==",
"45.0.7"
]
]
},
{
"name": "docutils",
"specs": [
[
"==",
"0.21.2"
]
]
},
{
"name": "dominate",
"specs": [
[
"==",
"2.9.1"
]
]
},
{
"name": "id",
"specs": [
[
"==",
"1.5.0"
]
]
},
{
"name": "idna",
"specs": [
[
"==",
"3.10"
]
]
},
{
"name": "importlib-metadata",
"specs": [
[
"==",
"8.7.0"
]
]
},
{
"name": "jaraco-classes",
"specs": [
[
"==",
"3.4.0"
]
]
},
{
"name": "jaraco-context",
"specs": [
[
"==",
"6.0.1"
]
]
},
{
"name": "jaraco-functools",
"specs": [
[
"==",
"4.3.0"
]
]
},
{
"name": "jeepney",
"specs": [
[
"==",
"0.9.0"
]
]
},
{
"name": "jinja2",
"specs": [
[
"==",
"3.1.6"
]
]
},
{
"name": "keyring",
"specs": [
[
"==",
"25.6.0"
]
]
},
{
"name": "markdown-it-py",
"specs": [
[
"==",
"4.0.0"
]
]
},
{
"name": "markupsafe",
"specs": [
[
"==",
"3.0.2"
]
]
},
{
"name": "mdurl",
"specs": [
[
"==",
"0.1.2"
]
]
},
{
"name": "more-itertools",
"specs": [
[
"==",
"10.8.0"
]
]
},
{
"name": "mypy-extensions",
"specs": [
[
"==",
"1.1.0"
]
]
},
{
"name": "nh3",
"specs": [
[
"==",
"0.3.0"
]
]
},
{
"name": "numpy",
"specs": [
[
"==",
"1.26.4"
]
]
},
{
"name": "packaging",
"specs": [
[
"==",
"25.0"
]
]
},
{
"name": "pandas",
"specs": [
[
"==",
"2.3.2"
]
]
},
{
"name": "pathspec",
"specs": [
[
"==",
"0.12.1"
]
]
},
{
"name": "platformdirs",
"specs": [
[
"==",
"4.4.0"
]
]
},
{
"name": "pycparser",
"specs": [
[
"==",
"2.22"
]
]
},
{
"name": "pygments",
"specs": [
[
"==",
"2.19.2"
]
]
},
{
"name": "python-dateutil",
"specs": [
[
"==",
"2.9.0.post0"
]
]
},
{
"name": "pytz",
"specs": [
[
"==",
"2025.2"
]
]
},
{
"name": "pywin32-ctypes",
"specs": [
[
"==",
"0.2.3"
]
]
},
{
"name": "pyyaml",
"specs": [
[
"==",
"6.0.2"
]
]
},
{
"name": "readme-renderer",
"specs": [
[
"==",
"44.0"
]
]
},
{
"name": "requests-toolbelt",
"specs": [
[
"==",
"1.0.0"
]
]
},
{
"name": "requests",
"specs": [
[
"==",
"2.32.5"
]
]
},
{
"name": "rfc3986",
"specs": [
[
"==",
"2.0.0"
]
]
},
{
"name": "rich",
"specs": [
[
"==",
"14.1.0"
]
]
},
{
"name": "secretstorage",
"specs": [
[
"==",
"3.3.3"
]
]
},
{
"name": "six",
"specs": [
[
"==",
"1.17.0"
]
]
},
{
"name": "tabulate",
"specs": [
[
"==",
"0.9.0"
]
]
},
{
"name": "toml",
"specs": [
[
"==",
"0.10.2"
]
]
},
{
"name": "tomli",
"specs": [
[
"==",
"2.2.1"
]
]
},
{
"name": "twine",
"specs": [
[
"==",
"6.2.0"
]
]
},
{
"name": "typing-extensions",
"specs": [
[
"==",
"4.15.0"
]
]
},
{
"name": "tzdata",
"specs": [
[
"==",
"2025.2"
]
]
},
{
"name": "urllib3",
"specs": [
[
"==",
"2.5.0"
]
]
},
{
"name": "wheel",
"specs": [
[
"==",
"0.45.1"
]
]
},
{
"name": "zipp",
"specs": [
[
"==",
"3.23.0"
]
]
}
],
"lcname": "certilizer"
}
JSON
