
Python - how do certifi version 2024.2.2 and certifi 2016.2.28 have the same validity for their cacert.pem?

2024-03-11 15:00:05

I just want to know why different versions of the Python module certifi have the same validity date for their cacert.pem. I have checked with certifi versions 2018.4.16 and 2024.2.2.

certifi 2018.4.16

[root@8a63ff0c0dba /]# python3.3 -m pip show certifi
Name: certifi
Version: 2018.4.16
Summary: Python package for providing Mozillas CA Bundle.
Home-page: http://certifi.io/
Author: Kenneth Reitz
Author-email: [email protected]
License: MPL-2.0
Location: /usr/local/lib/python3.3/site-packages
Requires: 
Required-by: requests

[root@8a63ff0c0dba /]# openssl x509 -enddate -noout -in /usr/local/lib/python3.3/site-packages/certifi/cacert.pem
notAfter=Jan 28 12:00:00 2028 GMT

certifi 2024.2.2

[root@1e6dfr05dhd /]# python3.11 -m pip show certifi
Name: certifi
Version: 2024.2.2
Summary: Python package for providing Mozillas CA Bundle.
Home-page: https://github.com/certifi/python-certifi
Author: Kenneth Reitz
Author-email: [email protected]
License: MPL-2.0
Location: /usr/local/lib/python3.11/site-packages
Requires: 
Required-by: requests

[root@1e6dfr05dhd /]# openssl x509 -enddate -noout -in /usr/local/lib/python3.11/site-packages/certifi/cacert.pem
notAfter=Jan 28 12:00:00 2028 GMT

Does the validity of cacert.pem get updated automatically after Jan 28, 2028?

Solution:

The cacert.pem does not have a validity date.

Instead, this file is a collection of over 100 CA certificates, each having its own expiration date. The command you use to check the "validity date of cacert.pem" only outputs the expiration of the first certificate in this file, which probably is the "GlobalSign Root CA".

This output will stay the same as long as this exact certificate is placed first in cacert.pem, no matter if other certificates have changed. And the output will change if the certificates are simply reordered, even if no certificate got updated, added or removed.

So it makes no sense to use this command to check the cacert.pem.
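An added example (not part of the original answer and not certifi's own code): a standard-library Python sketch that reads notAfter from every certificate in a PEM bundle instead of only the first. The function names are this example's own, and the sample bundle is constructed from certificate-shaped DER skeletons whose first entry carries the date shown in the question.

```python
import base64, re, sys
from datetime import datetime, timezone

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """notAfter of one DER certificate, as a timezone-aware datetime."""
    _, pos, _ = tlv(der, 0)              # Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)            # tbsCertificate SEQUENCE
    tag, _, end = tlv(der, pos)
    pos = end if tag == 0xA0 else pos    # skip the optional [0] version field
    for _ in range(3):                   # serialNumber, signature, issuer
        pos = tlv(der, pos)[2]
    _, pos, _ = tlv(der, pos)            # validity SEQUENCE
    pos = tlv(der, pos)[2]               # skip notBefore
    tag, start, end = tlv(der, pos)
    text = der[start:end].decode("ascii")
    if tag == 0x17:                      # UTCTime: YY >= 50 means 19YY (RFC 5280)
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def bundle_expiries(pem_text):
    """notAfter of every certificate in a PEM bundle, in file order."""
    return [not_after(base64.b64decode(m.group(1))) for m in PEM_RE.finditer(pem_text)]

def sample_bundle(*not_afters):
    """Constructed input: DER skeletons (version, serial, empty algorithm and issuer)."""
    def der(tag, body):
        return bytes([tag, len(body)]) + body
    pems = []
    for na in not_afters:
        validity = der(0x30, der(0x17, b"200101000000Z") + der(0x17, na.encode()))
        tbs = der(0x30, der(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + b"\x30\x00" * 2 + validity)
        pems.append("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der(0x30, tbs)).decode()
                    + "-----END CERTIFICATE-----\n")
    return "".join(pems)

if __name__ == "__main__":  # optional argument: path to a real bundle such as cacert.pem
    text = (open(sys.argv[1], encoding="utf-8").read() if sys.argv[1:]
            else sample_bundle("280128120000Z", "241231235959Z", "460101000000Z"))
    dates = bundle_expiries(text)
    print(len(dates), "certs; first:", dates[0], "earliest:", min(dates), "latest:", max(dates))
```

Run against the sample, the first entry reports 2028 while the earliest expiry in the same bundle is 2024, which is the gap the single `openssl x509` call hides.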
