Cotton Beckfield
5f577368f3
python-csr
Purpose
Generate a key, self-signed certificate, and certificate request.
Information
This script is for Python 2.7. Because the input() function changed between Python 2 and Python 3, this script is not compatible with Python 3 at this time.
Installation / Dependencies
The following modules are required:
- OpenSSL (pyopenssl)
- Argparse (argparse)
- YAML (pyyaml)
I've included a setup.py that will install these dependencies if you have the setuptools python package and run:
python setup.py install
Usage
./csrgen -n [fqdn]
Note: you can always use '-h' to get more information ;)
user@host> ./csrgen.py -h
usage: csrgen.py [-h] [-v] [-d] [-l LOG] [-n NAME] [-s [SAN [SAN ...]]]
                 [-k KEYSIZE] [-u UNATTENDED] [-f FILE] [-a] [-c]

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Output more infos
  -d, --debug           Enable debug mode
  -l LOG, --log LOG     Define log file (default: /var/log/certGen.log)
  -n NAME, --name NAME  Provide the FQDN
  -s [SAN [SAN ...]], --san [SAN [SAN ...]]
                        SANS, define alternative names
  -k KEYSIZE, --keysize KEYSIZE
                        Provide the key size
  -u UNATTENDED, --unattended UNATTENDED
                        Load CSR predefined options
  -f FILE, --file FILE  Load hosts file (CN and optional Alternate Names) list
  -a, --authority       Generate Authority certificate (Default is server)
  -c, --client          Generate client certificate (Default is server)
Basic usage would be
./csrgen -n test.test.com
When more than one hostname is provided, a SAN (Subject Alternative Name) certificate and request are generated. This can be achieved by adding -s.
csrgen -s
./csrgen -n test.test.com -s mushu.test.com pushu.test.com
You can pass a YAML file as an argument to pre-fill your CSR values (C, ST, L, O, OU). Basically, any attribute defined in the YAML file will be set in the certificate. One exception: if you force the hostname with the -n parameter, it will override the 'Hostname' set in the YAML file.
./csrgen -f sample.yaml -u csr.yaml
Debug options
A debug option (-d) and a verbose flag (-v) are available. If you want to check the content of the generated files, here is a quick cheat sheet:
To read a CSR
openssl req -in test.test.com.csr -noout -text
To read a Certificate (CER)
openssl x509 -in test.test.com.cer -noout -text
To read a Certificate (PEM)
openssl x509 -inform pem -in test.test.com.cer -noout -text
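The cheat sheet above as a scripted check, added here as an example that is not part of python-csr: it confirms that a CSR's self-signature verifies, that the key meets a minimum size, and that every expected hostname is present as a SAN. The function names and the sample request built with the openssl CLI are assumptions made for the example; it requires OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not part of python-csr. Assumes OpenSSL 1.1.1+ on PATH.

# make_sample_csr DIR: constructed sample input (hostnames from the README).
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/test.test.com.key" -out "$1/test.test.com.csr" \
        -subj "/CN=test.test.com" \
        -addext "subjectAltName=DNS:test.test.com,DNS:mushu.test.com,DNS:pushu.test.com" \
        >/dev/null 2>&1
}

# csr_check FILE MIN_BITS NAME...
# Returns 0 only if the request's self-signature verifies, the public key has
# at least MIN_BITS bits, and every NAME is present as a DNS SAN entry.
csr_check() {
    cc_csr=$1; cc_min=$2; shift 2

    # Proof of possession: the CSR must be signed by the key it carries.
    # Match the message text rather than relying on the exit status alone.
    openssl req -in "$cc_csr" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "FAIL: self-signature does not verify" >&2; return 1; }

    cc_text=$(openssl req -in "$cc_csr" -noout -text 2>/dev/null) || return 1

    # "Public-Key: (2048 bit)" -> 2048
    cc_bits=$(printf '%s\n' "$cc_text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ -n "$cc_bits" ] && [ "$cc_bits" -ge "$cc_min" ] || {
        echo "FAIL: key is ${cc_bits:-?} bits, need $cc_min" >&2; return 1; }

    # One SAN per line, then exact-match each expected name so that
    # "test.com" is not satisfied by "test.test.com".
    cc_sans=$(printf '%s\n' "$cc_text" | tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\)[[:space:]]*$/\1/p')
    for cc_name in "$@"; do
        printf '%s\n' "$cc_sans" | grep -Fxq -- "$cc_name" || {
            echo "FAIL: SAN missing $cc_name" >&2; return 1; }
    done
}

# Demo on the constructed request.
demo_dir=$(mktemp -d)
make_sample_csr "$demo_dir"
csr_check "$demo_dir/test.test.com.csr" 2048 test.test.com mushu.test.com &&
    echo "CSR OK"
rm -rf "$demo_dir"
```

Running csr_check on a generated request before submitting it to a CA catches a missing SAN or an undersized key early.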
TODO
- Validate python3 compatibility
- Finish SubClass Authority to generate a CA certificate (-x)
- Create csrsign.py to sign a csr based on CA certificate and newly generated .csr
- Implement Unit Tests