CertList - command getcert list

class insights.parsers.getcert_list.CertList(context, extra_bad_lines=None)[source]

Bases: CommandParser

Parse the output of getcert list.

Stores data as a pseudo-dictionary, keyed on request ID. It is usually easier, however, to find requests by their properties using the search method, which matches requests on their keys, e.g. search(stuck='no'). Spaces and dashes are converted to underscores in the keys being sought, so one can search for key_pair_storage or pre_save_command. Multiple keys can be searched in the same call, e.g. search(CA="IPA", stuck='yes'). If no keys are given, no requests are returned.

Sample output:

Number of certificates and requests being tracked: 2.
Request ID '20130725003533':
        status: MONITORING
        stuck: no
        key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-LDAP-EXAMPLE-COM',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-LDAP-EXAMPLE-COM/pwdfile.txt'
        certificate: type=NSSDB,location='/etc/dirsrv/slapd-LDAP-EXAMPLE-COM',nickname='Server-Cert',token='NSS Certificate DB'
        CA: IPA
        issuer: CN=Certificate Authority,O=LDAP.EXAMPLE.COM
        subject: CN=master.LDAP.EXAMPLE.COM,O=LDAP.EXAMPLE.COM
        expires: 2017-06-28 12:52:12 UTC
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv LDAP-EXAMPLE-COM
        track: yes
        auto-renew: yes
Request ID '20130725003602':
        status: MONITORING
        stuck: no
        key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'
        certificate: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'
        CA: IPA
        issuer: CN=Certificate Authority,O=EXAMPLE.COM
        subject: CN=ldap.EXAMPLE.COM,O=EXAMPLE.COM
        expires: 2017-06-28 12:52:13 UTC
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv PKI-IPA
        track: yes
        auto-renew: yes

num_tracked
    The number of ‘tracked’ certificates and requests, as given in the first line of the output.

requests
    The list of request IDs as they appear in the output, as strings.

>>> certs = shared[CertList]
>>> certs.num_tracked  # number of certificates tracked from first line
2
>>> len(certs)  # number of requests stored - may be smaller than num_tracked
2
>>> certs.requests
['20130725003533', '20130725003602']
>>> '20130725003533' in certs
True
>>> certs['20130725003533']['issuer']
'CN=Certificate Authority,O=LDAP.EXAMPLE.COM'
>>> for request in certs.search(CA='IPA'):
...     print(request['certificate'])
type=NSSDB,location='/etc/dirsrv/slapd-LDAP-EXAMPLE-COM',nickname='Server-Cert',token='NSS Certificate DB'
type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'

We’re only interested in lines that contain a ‘:’. Special lines start with ‘Request ID’ and ‘Number of certificates…’; we handle those separately. All other lines are stripped of surrounding white space and stored as a key-value pair against the last request ID.


Search for one or more key-value pairs in the given data. See the documentation of insights.parsers.keyword_search() for more details on how to use it.
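The line-handling rules described above, written out as a standalone sketch together with a check for certificates that are likely to lapse. This is an added example, not insights-core code: parse_getcert_list, renewal_risks, the warn_days threshold and the sample text (including the CA_UNREACHABLE request) are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample in `getcert list` format (values are illustrative).
SAMPLE = """\
Number of certificates and requests being tracked: 2.
Request ID '20130725003533':
        status: MONITORING
        stuck: no
        expires: 2017-06-28 12:52:12 UTC
        pre-save command:
        auto-renew: yes
Request ID '20130725003602':
        status: CA_UNREACHABLE
        stuck: yes
        expires: 2017-06-10 12:52:13 UTC
        auto-renew: no
"""

def parse_getcert_list(text):
    """Return (num_tracked, {request_id: {key: value}}); keys use underscores."""
    num_tracked, requests, current = 0, {}, None
    for line in text.splitlines():
        if ':' not in line:
            continue  # only lines containing ':' carry data
        key, value = (part.strip() for part in line.split(':', 1))
        if key.startswith('Number of certificates'):
            num_tracked = int(value.rstrip('.'))
        elif key.startswith('Request ID'):
            current = key.split("'")[1]  # ID is the quoted part
            requests[current] = {}
        elif current is not None:
            requests[current][key.replace(' ', '_').replace('-', '_')] = value
    return num_tracked, requests

def renewal_risks(requests, now, warn_days=30):
    """Map request ID -> reasons it may lapse; `now` is a naive UTC datetime."""
    risks = {}
    for rid, req in requests.items():
        reasons = []
        if req.get('stuck') == 'yes':
            reasons.append('stuck')
        if req.get('auto_renew') != 'yes':
            reasons.append('auto-renew off')
        exp = req.get('expires')
        if exp and datetime.strptime(exp, '%Y-%m-%d %H:%M:%S UTC') - now <= timedelta(days=warn_days):
            reasons.append('expires within %d days' % warn_days)
        if reasons:
            risks[rid] = reasons
    return risks
```

An empty value such as the `pre-save command:` line is stored as an empty string, so a later check can tell "key present but unset" apart from "key missing".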