diff --git a/README.md b/README.md
index 541ddac..ad11ab5 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,7 @@ trusted-host=mirrors.aliyun.com
 
 ```shell
 pip install requests
+pip install cryptography
 ```
 
 ----
diff --git a/tls_certificate.py b/tls_certificate.py
index b8eaf47..46b0077 100755
--- a/tls_certificate.py
+++ b/tls_certificate.py
@@ -1,7 +1,10 @@
 #!/usr/bin/env python3
+import base64
 import socket
 import ssl
 
+from cryptography import x509
+
 
 def get_server_certificate(hostname, port=443):
     # context = ssl.create_default_context()
@@ -9,13 +12,19 @@ def get_server_certificate(hostname, port=443):
 
     with socket.create_connection((hostname, port)) as sock:
         with context.wrap_socket(sock, server_hostname=hostname) as ssock:
-            cert = ssock.getpeercert()
+            cert = ssock.getpeercert(binary_form=True)
             return cert
 
 
-# not success, but why?
 if __name__ == "__main__":
     certificate = get_server_certificate("hatter.ink")
-    print(f"Certificate: {certificate}")
-    for key, value in certificate.items():
-        print(f"{key}: {value}")
+    # print(f"Certificate: {certificate}")
+    print(base64.encodebytes(certificate).decode('utf-8'))
+    cert = x509.load_der_x509_certificate(certificate)
+    print(cert)
+    print(cert.subject)
+    print(cert.issuer)
+    print(cert.not_valid_before_utc, ' --> ', cert.not_valid_after_utc)
+    print("-" * 88)
+    for ext in cert.extensions:
+        print(ext.oid, ':', ext.value)