-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathca_cert_generator.py
39 lines (37 loc) · 1.33 KB
/
ca_cert_generator.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/usr/bin/python
"""
Using a self-generated CSR, it will issue a server certificate and generate a private key
This CA certificate can be used to sign other certificates
"""
def ca_cert_generator():
import os
import subprocess as sp
# create a config file for the CA certificate
ca_cnf = open("ca-cert/ca.cnf", "w+")
ca_cnf.write(
"""
[req]
default_bits = 2048
prompt = no
default_md = sha256
encrypt_key = no
distinguished_name = dn
[dn]
C = US
O = Organization
OU = Organization Unit
CN = Common Name
"""
)
ca_cnf.close()
# 1. generate a root CA certificate and private key
sp.call(['openssl', 'genrsa', '-out', 'ca-cert/ca.key', '2048'])
# 2. generate CSR with config file
sp.call(['openssl', 'req', '-new', '-key', 'ca-cert/ca.key', '-out', 'ca-cert/ca.csr', '-config', 'ca-cert/ca.cnf'])
# 3. create a self-signed CA certificate
validDate = input("Enter the expiration (days) for the Root Certificate: ")
sp.call(['openssl', 'x509', '-req', '-days', validDate, '-in', 'ca-cert/ca.csr', '-signkey', 'ca-cert/ca.key', '-out', 'ca-cert/ca.crt', '-extfile', 'ca-cert/extensions.ext'])
print("CA certificate and private key generated\n")
if __name__ == '__main__':
import os
import subprocess as sp