# python-csr
## Purpose
Generate a key, self-signed certificate, and certificate request.
## Information
There is only one version of the Python scripts. It can be used with both Python 2.7 and Python 3.5.
## Installation / Dependencies
The following modules are required:
- OpenSSL (pyopenssl)
- Argparse (argparse)
- YAML (pyyaml)
I've included a setup.py that will install these dependencies if you run:
```bash
python setup.py install
```
## Usage
```bash
./csrgen -n [fqdn]
```
Note: you can always use `-h` to get usage information ;)
```bash
user@host> ./csrgen.py -h
usage: csrgen.py [-h] [-v] [-d] [-l LOG] [-n NAME] [-s [SAN [SAN ...]]]
                 [-k KEYSIZE] [-u UNATTENDED] [-f FILE] [-a] [-c]

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Output more infos
  -d, --debug           Enable debug mode
  -l LOG, --log LOG     Define log file (default: /var/log/certGen.log
  -n NAME, --name NAME  Provide the FQDN
  -s [SAN [SAN ...]], --san [SAN [SAN ...]]
                        SANS, define alternative names
  -k KEYSIZE, --keysize KEYSIZE
                        Provide the key size
  -u UNATTENDED, --unattended UNATTENDED
                        Load CSR predefined options
  -f FILE, --file FILE  Load hosts file (CN and optional Alternate Names) list
  -a, --authority       Generate Authority certificate (Default is server)
  -c, --client          Generate client certificate (Default is server)
```
Basic usage would be:
```bash
./csrgen -n test.test.com
```
When more than one hostname is provided, a SAN (Subject Alternative Name)
certificate and request are generated. This can be achieved by adding `-s`,
in the form `csrgen -n <hostname> -s <san0> <san1>`:
```bash
./csrgen -n test.test.com -s mushu.test.com pushu.test.com
```
You can pass a YAML file as an argument to pre-fill your CSR values (C, ST, L, O, OU). Any attribute defined in the YAML file will be set in the certificate. One exception: if you force the hostname with the `-n` parameter, it overrides the 'Hostname' set in the YAML file.
```bash
./csrgen -f sample.yaml -u csr.yaml
```
## Debug options
A debug option (`-d`) and a verbose flag (`-v`) are available. If you want to check the content of the generated files, here is a quick cheat-sheet:
### To read a CSR
```bash
openssl req -in test.test.com.csr -noout -text
```
### To read a Certificate (CER)
```bash
openssl x509 -in test.test.com.cer -noout -text
```
### To read a Certificate (PEM)
```bash
openssl x509 -inform pem -in test.test.com.cer -noout -text
```
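The `-text` dumps above can also be checked automatically before a request is sent to a CA. The script below is an added example, not part of python-csr: it confirms the CSR's self-signature, a minimum RSA key size, and that each expected hostname is present as a DNS SAN. The function names are hypothetical, and `make_sample_csr` builds a constructed stand-in request with `openssl` itself (needs OpenSSL 1.1.1 or later for `-addext`).

```bash
#!/usr/bin/env bash
# Added example (not part of python-csr). Function names are hypothetical.

# Build a constructed sample key + CSR at PREFIX.key / PREFIX.csr, standing in
# for csrgen output. -addext needs OpenSSL 1.1.1 or later.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=test.test.com" \
        -addext "subjectAltName=DNS:test.test.com,DNS:mushu.test.com,DNS:pushu.test.com" \
        >/dev/null 2>&1
}

# check_csr FILE MIN_BITS NAME...
# Prints "ok" and returns 0 only if every check passes.
check_csr() {
    local csr="$1" min_bits="$2" out text bits name
    shift 2

    # Self-signature = proof the requester holds the private key. Match the
    # message rather than the exit status: some OpenSSL releases exit 0 even
    # when verification fails.
    out=$(openssl req -in "$csr" -noout -verify 2>&1) || true
    case "$out" in
        *"verify OK"*) ;;
        *) echo "self-signature did not verify"; return 1 ;;
    esac

    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) || return 1

    # Key size appears as "Public-Key: (2048 bit)".
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "key too small: ${bits:-unknown} bits"; return 1
    fi

    # SANs print as "DNS:a, DNS:b": one entry per line, exact fixed-string match
    # so that "." in a hostname is not treated as a wildcard.
    for name in "$@"; do
        printf '%s\n' "$text" | tr -d ' \t' | tr ',' '\n' | grep -Fqx "DNS:$name" \
            || { echo "missing SAN: $name"; return 1; }
    done
    echo "ok"
}
```

Call it as `check_csr test.test.com.csr 2048 test.test.com mushu.test.com pushu.test.com`; a non-zero status means the request should not be submitted as-is.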
# TODO
- Implement Unit Tests