CertMgr Class
The CertMgr class is used to manage the digital certificates installed on a system.
Syntax
class ipworks.CertMgr
Remarks
The class methods, such as list_certificate_stores or list_store_certificates, are used to list certificate stores and certificates. The corresponding lists are returned via the on_store_list and on_cert_list events. Encoded certificates are provided through the events.
You can load a certificate by setting the cert property of the class. You can then get information about the certificate through the corresponding fields of the cert property (described below).
The cert_subject, cert_serial_number, and cert_issuer properties identify the certificate. The cert_effective_date and cert_expiration_date show the time boundaries of the certificate.
cert_public_key, cert_public_key_algorithm, cert_public_key_length, and cert_version provide information about the certificate keys and the certificate format (version).
cert_usage_flags specifies the intended usage of the certificate. The cert_usage property provides a text description of these flags.
Property List
The following is the full list of the properties of the class with short descriptions.
cert_effective_date | The date on which this certificate becomes valid. |
cert_encoded | The certificate (PEM/base64 encoded). |
cert_expiration_date | The date the certificate expires. |
cert_extended_key_usage | A comma-delimited list of extended key usage identifiers. |
cert_fingerprint | The hex-encoded, 16-byte MD5 fingerprint of the certificate. |
cert_issuer | The issuer of the certificate. |
cert_key_password | The password for the certificate's private key (if any). |
cert_private_key | The private key of the certificate (if available). |
cert_private_key_available | Shows whether a PrivateKey is available for the selected certificate. |
cert_private_key_container | The name of the PrivateKey container for the certificate (if available). |
cert_public_key | The public key of the certificate. |
cert_public_key_algorithm | Textual description of the public key algorithm of the certificate. |
cert_public_key_length | The length of the certificate public key (in bits). |
cert_serial_number | The serial number of the certificate encoded as a string. |
cert_signature_algorithm | Text description of the signature algorithm of the certificate. |
cert_subject | The subject of the certificate used for client authentication. |
cert_subject_alt_names | A comma-separated list of alternative subject names of the certificate. |
cert_thumbprint_md5 | MD5 hash of the certificate. |
cert_thumbprint_sha1 | SHA1 hash of the certificate. |
cert_thumbprint_sha256 | SHA256 hash of the certificate. |
cert_usage | Text description of UsageFlags. |
cert_usage_flags | Flags that show intended use for the certificate. |
cert_version | The certificate's version number. |
cert_extension_count | The number of records in the CertExtension arrays. |
cert_extension_critical | Whether or not the extension is defined as critical. |
cert_extension_oid | The ASN. |
cert_extension_value | The raw value of this certificate extension. |
cert_store | The certificate store to search for certificates. |
cert_store_password | The password for the certificate store (if any). |
cert_store_type | The type of certificate store for CertStore. |
exported_cert | The exported certificate string. |
export_format | The format to which the certificate is exported. |
export_private_key | Whether to export the private key. |
Method List
The following is the full list of the methods of the class with short descriptions.
config | Sets or retrieves a configuration setting. |
create_certificate | Creates a new self-signed certificate in the current store. |
create_key | Creates a new keyset associated with the provided name. |
delete_certificate | Deletes the currently selected certificate from the store. |
delete_key | Deletes the keyset associated with the provided name. |
export_certificate | Exports the currently selected certificate. |
generate_csr | Generates a new CSR to be sent to a signing authority. |
import_certificate | Imports a certificate from a file into the current certificate store. |
import_signed_csr | Imports a signed CSR. |
issue_certificate | Creates a new certificate in the current store, signed by the selected certificate. |
list_certificate_stores | Lists certificate stores. |
list_keys | List keysets in a CSP. |
list_machine_stores | List machine certificate stores. |
list_store_certificates | List certificates in a store. |
read_certificate | Loads a certificate from a file. |
read_csr | Reads a Certificate Signing Request (CSR). |
reset | Resets all certificate properties to their default values. |
save_certificate | This method saves the currently selected public certificate to a file. |
show_certificate_chain | Show certificate chain. |
sign_csr | Creates a signed certificate from a CSR. |
Event List
The following is the full list of the events fired by the class with short descriptions.
on_cert_chain | Shows the certificate chain for the certificate (see the ShowCertificateChain method). |
on_cert_list | Lists the certificates in a store (see the ListStoreCertificates method). |
on_error | Information about errors during data delivery. |
on_key_list | Lists the keysets in a CSP (see the ListKeys method). |
on_log | Fires once for each log message. |
on_store_list | Lists the system certificate stores (see the ListCertificateStores and ListMachineStores methods). |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions.
CertComment | A comment to include in a saved certificate. |
CertCustomExtensionCount | The number of records in the CertCustomExtension arrays. |
CertCustomExtensionCritical[i] | Whether or not the extension is defined as critical. |
CertCustomExtensionOID[i] | The ASN of the extension at index 'i'. |
CertCustomExtensionValue[i] | The raw value of the extension at index 'i'. |
CertExtendedKeyUsage | The extended key usage of the certificate. |
CertKeyLength | The public key length for created certificates and keys. |
CertKeyType | The types of keys created for new certificates. |
CertPublicKeyAlgorithm | The public key algorithm used when a certificate is created. |
CertSignatureAlgorithm | The signature algorithm used when creating certificates. |
CertSubjectAltNames | Subject Alternative Names for creating or issuing certificates. |
CertUsageFlags | Sets the flags indicating the usage of the created certificate. |
CertValidityOffset | The number of days until the certificate becomes valid. |
CertValidityTime | The validity period for the certificate. |
CreatedKey | The PKCS8 formatted private and public key pair created after calling CreateKey. |
CSP | The Cryptographic Service Provider. |
CSRIgnoredExtensions | Extensions to be ignored when signing a CSR. |
CSRKey | The PKCS8 formatted private key to use when generating a CSR. |
EncodeExportedCert | Whether the certificate being exported to a string is encoded. |
ImportCertAction | Specifies the action to take if a matching certificate or a link to a matching certificate already exists. |
ImportCertStoreType | The type of certificate store being specified for import. |
JWKAlgorithm | The JWK algorithm. |
JWKExportX5C | Whether to export a certificate chain to the x5c parameter. |
JWKKeyId | The JWK key Id. |
JWKKeyOps | The JWK intended key operations list. |
JWKUse | The JWK use parameter value. |
KeyFormat | How the public and private key are formatted. |
LogLevel | The level of detail that is logged. |
ReplaceKey | Whether or not to replace an existing key when creating a new key. |
RequestSubjectAltNames | Subject Alternative Names for a Certificate Signing Request. |
X509Algorithm | Public Key Algorithm OID. |
X509SignatureAlgorithm | Signature Algorithm OID. |
BuildInfo | Information about the product's build. |
CodePage | The system code page used for Unicode to Multibyte translations. |
LicenseInfo | Information about the current license. |
ProcessIdleEvents | Whether the class uses its internal event loop to process events when the main thread is idle. |
SelectWaitMillis | The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process. |
UseInternalSecurityAPI | Tells the class whether or not to use the system security libraries or an internal implementation. |