From 7ccf3660edd09a7cbdb3f87aee299c24b7625269 Mon Sep 17 00:00:00 2001 From: Ed Rantanen Date: Sun, 1 May 2016 07:37:42 -0400 Subject: [PATCH 1/9] init update for python 3.5 --- csrgen.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/csrgen.py b/csrgen.py index 24cb7a5..bd47bee 100755 --- a/csrgen.py +++ b/csrgen.py @@ -18,25 +18,25 @@ import argparse def generateCSR(nodename, sans = []): while True: - C = raw_input("Enter your Country Name (2 letter code) [US]: ") + C = input("Enter your Country Name (2 letter code) [US]: ") if len(C) != 2: - print "You must enter two letters. You entered %r" % (C) + print("You must enter two letters. You entered %r" % (C)) continue - ST = raw_input("Enter your State or Province []:California: ") + ST = input("Enter your State or Province []:California: ") if len(ST) == 0: - print "Please enter your State or Province." + print( "Please enter your State or Province.") continue - L = raw_input("Enter your (Locality Name (eg, city) []:San Francisco: ") + L = input("Enter your (Locality Name (eg, city) []:San Francisco: ") if len(L) == 0: - print "Please enter your City." + print( "Please enter your City.") continue - O = raw_input("Enter your Organization Name (eg, company) []:FTW Enterprise: ") + O = input("Enter your Organization Name (eg, company) []:FTW Enterprise: ") if len(L) == 0: - print "Please enter your Organization Name." + print( "Please enter your Organization Name.") continue - OU = raw_input("Enter your Organizational Unit (eg, section) []:IT: ") + OU =input("Enter your Organizational Unit (eg, section) []:IT: ") if len(OU) == 0: - print "Please enter your OU." + print( "Please enter your OU.") continue # Allows you to permanently set values required for CSR From 2d9b819e747cb0401c27943022bee7099fe6534e Mon Sep 17 00:00:00 2001 From: Ed Rantanen Date: Sun, 1 May 2016 07:41:17 -0400 Subject: [PATCH 2/9] update for python 3.5 --- csrgen.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/csrgen.py b/csrgen.py index bd47bee..577144a 100755 --- a/csrgen.py +++ b/csrgen.py @@ -9,6 +9,9 @@ # # Author: Courtney Cotton 06-25-2014 +# mod'd for python 3.5 + + # Libraries/Modules from OpenSSL import crypto, SSL import subprocess, os, sys, shutil @@ -77,6 +80,7 @@ def generateCSR(nodename, sans = []): # Utilizes generateKey function to kick off key generation. key = generateKey(TYPE_RSA, 2048) req.set_pubkey(key) + #change to sha 256? req.sign(key, "sha1") generateFiles(csrfile, req) generateFiles(keyfile, key) @@ -96,13 +100,13 @@ def generateFiles(mkFile, request): f = open(mkFile, "w") f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) f.close() - print crypto.dump_certificate_request(crypto.FILETYPE_PEM, request) + print(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) elif mkFile == 'host.key': f = open(mkFile, "w") f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request)) f.close() else: - print "Failed." + print("Failed.") exit() From 4ac7e437183de9743c38b72fc45382dc1e53da84 Mon Sep 17 00:00:00 2001 From: Ed Rantanen Date: Sun, 1 May 2016 19:48:24 -0400 Subject: [PATCH 3/9] updated for python 3.* --- csrgen.py | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/csrgen.py b/csrgen.py index 577144a..bff845b 100755 --- a/csrgen.py +++ b/csrgen.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 # # Generate a key, self-signed certificate, and certificate request. # Usage: csrgen @@ -14,7 +14,9 @@ # Libraries/Modules from OpenSSL import crypto, SSL -import subprocess, os, sys, shutil +import subprocess +import os +import sys, shutil import argparse # Generate Certificate Signing Request (CSR) @@ -66,22 +68,29 @@ def generateCSR(nodename, sans = []): req.get_subject().localityName = L req.get_subject().organizationName = O req.get_subject().organizationalUnitName = OU + # Add in extensions + # added bytearray to string + # before -> "keyUsage" + # after -> b"keyUsage" + base_constraints = ([ - crypto.X509Extension("keyUsage", False, "Digital Signature, Non Repudiation, Key Encipherment"), - crypto.X509Extension("basicConstraints", False, "CA:FALSE"), + crypto.X509Extension(b"keyUsage", False, b"Digital Signature, Non Repudiation, Key Encipherment"), + crypto.X509Extension(b"basicConstraints", False, b"CA:FALSE"), ]) x509_extensions = base_constraints # If there are SAN entries, append the base_constraints to include them. if ss: - san_constraint = crypto.X509Extension("subjectAltName", False, ss) + san_constraint = crypto.X509Extension(b"subjectAltName", False, ss) x509_extensions.append(san_constraint) req.add_extensions(x509_extensions) # Utilizes generateKey function to kick off key generation. key = generateKey(TYPE_RSA, 2048) req.set_pubkey(key) + #change to sha 256? - req.sign(key, "sha1") + #req.sign(key, "sha1") + req.sign(key, "sha256") generateFiles(csrfile, req) generateFiles(keyfile, key) return req @@ -98,12 +107,12 @@ def generateFiles(mkFile, request): if mkFile == 'host.csr': f = open(mkFile, "w") - f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) + f.write(str(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request))) f.close() print(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) elif mkFile == 'host.key': f = open(mkFile, "w") - f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request)) + f.write(str(crypto.dump_privatekey(crypto.FILETYPE_PEM, request))) f.close() else: print("Failed.") @@ -111,6 +120,7 @@ def generateFiles(mkFile, request): # Run Portion + parser = argparse.ArgumentParser() parser.add_argument("name", help="Provide the FQDN", action="store") parser.add_argument("-s", "--san", help="SANS", action="store", nargs='*', default="") @@ -118,5 +128,4 @@ args = parser.parse_args() hostname = args.name sans = args.san - generateCSR(hostname, sans) From a1e823cc0e594863386ba838c55857d47a322e6f Mon Sep 17 00:00:00 2001 From: Ed Rantanen Date: Fri, 3 Jun 2016 17:25:05 -0400 Subject: [PATCH 4/9] mod'd crypto out, clean'd up extra chars --- csrgen.py | 160 +++++++++++++++++++++++++++--------------------------- 1 file changed, 81 insertions(+), 79 deletions(-) diff --git a/csrgen.py b/csrgen.py index bff845b..1f1920e 100755 --- a/csrgen.py +++ b/csrgen.py @@ -2,7 +2,7 @@ # # Generate a key, self-signed certificate, and certificate request. # Usage: csrgen -# +# # When more than one hostname is provided, a SAN (Subject Alternate Name) # certificate and request are generated. This can be acheived by adding -s. # Usage: csrgen -s @@ -14,105 +14,107 @@ # Libraries/Modules from OpenSSL import crypto, SSL -import subprocess -import os -import sys, shutil import argparse + # Generate Certificate Signing Request (CSR) -def generateCSR(nodename, sans = []): +def generateCSR(nodename, sans=[]): + while True: + C = input("Enter your Country Name (2 letter code) [US]: ") + if len(C) != 2: + print("You must enter two letters. You entered %r" % (C)) + continue + ST = input("Enter your State or Province []:California: ") + if len(ST) == 0: + print("Please enter your State or Province.") + continue + L = input("Enter your (Locality Name (eg, city) []:San Francisco: ") + if len(L) == 0: + print("Please enter your City.") + continue + O = input("Enter your Organization Name (eg, company) []:FTW Enterprise: ") + if len(L) == 0: + print("Please enter your Organization Name.") + continue + OU = input("Enter your Organizational Unit (eg, section) []:IT: ") + if len(OU) == 0: + print("Please enter your OU.") + continue - while True: - C = input("Enter your Country Name (2 letter code) [US]: ") - if len(C) != 2: - print("You must enter two letters. You entered %r" % (C)) - continue - ST = input("Enter your State or Province []:California: ") - if len(ST) == 0: - print( "Please enter your State or Province.") - continue - L = input("Enter your (Locality Name (eg, city) []:San Francisco: ") - if len(L) == 0: - print( "Please enter your City.") - continue - O = input("Enter your Organization Name (eg, company) []:FTW Enterprise: ") - if len(L) == 0: - print( "Please enter your Organization Name.") - continue - OU =input("Enter your Organizational Unit (eg, section) []:IT: ") - if len(OU) == 0: - print( "Please enter your OU.") - continue - - # Allows you to permanently set values required for CSR - # To use, comment raw_input and uncomment this section. - # C = 'US' - # ST = 'New York' - # L = 'Location' - # O = 'Organization' - # OU = 'Organizational Unit' + # Allows you to permanently set values required for CSR + # To use, comment raw_input and uncomment this section. + # C = 'US' + # ST = 'New York' + # L = 'Location' + # O = 'Organization' + # OU = 'Organizational Unit' - csrfile = 'host.csr' - keyfile = 'host.key' - TYPE_RSA = crypto.TYPE_RSA - # Appends SAN to have 'DNS:' - ss = [] - for i in sans: - ss.append("DNS: %s" % i) - ss = ", ".join(ss) + csrfile = 'host.csr' + keyfile = 'host.key' + TYPE_RSA = crypto.TYPE_RSA + # Appends SAN to have 'DNS:' + ss = [] + for i in sans: + ss.append("DNS: %s" % i) + ss = ", ".join(ss) - req = crypto.X509Req() - req.get_subject().CN = nodename - req.get_subject().countryName = C - req.get_subject().stateOrProvinceName = ST - req.get_subject().localityName = L - req.get_subject().organizationName = O - req.get_subject().organizationalUnitName = OU + req = crypto.X509Req() + req.get_subject().CN = nodename + req.get_subject().countryName = C + req.get_subject().stateOrProvinceName = ST + req.get_subject().localityName = L + req.get_subject().organizationName = O + req.get_subject().organizationalUnitName = OU - # Add in extensions - # added bytearray to string - # before -> "keyUsage" - # after -> b"keyUsage" + # Add in extensions + # added bytearray to string + # before -> "keyUsage" + # after -> b"keyUsage" - base_constraints = ([ - crypto.X509Extension(b"keyUsage", False, b"Digital Signature, Non Repudiation, Key Encipherment"), - crypto.X509Extension(b"basicConstraints", False, b"CA:FALSE"), - ]) - x509_extensions = base_constraints - # If there are SAN entries, append the base_constraints to include them. - if ss: - san_constraint = crypto.X509Extension(b"subjectAltName", False, ss) - x509_extensions.append(san_constraint) - req.add_extensions(x509_extensions) - # Utilizes generateKey function to kick off key generation. - key = generateKey(TYPE_RSA, 2048) - req.set_pubkey(key) + base_constraints = ([ + crypto.X509Extension(b"keyUsage", False, b"Digital Signature, Non Repudiation, Key Encipherment"), + crypto.X509Extension(b"basicConstraints", False, b"CA:FALSE"), + ]) + x509_extensions = base_constraints + # If there are SAN entries, append the base_constraints to include them. + if ss: + san_constraint = crypto.X509Extension(b"subjectAltName", False, ss) + x509_extensions.append(san_constraint) + req.add_extensions(x509_extensions) + # Utilizes generateKey function to kick off key generation. + key = generateKey(TYPE_RSA, 2048) + req.set_pubkey(key) + + # change to sha 256? + # req.sign(key, "sha1") + req.sign(key, "sha256") + + generateFiles(csrfile, req) + generateFiles(keyfile, key) + + return req - #change to sha 256? - #req.sign(key, "sha1") - req.sign(key, "sha256") - generateFiles(csrfile, req) - generateFiles(keyfile, key) - return req # Generate Private Key def generateKey(type, bits): - key = crypto.PKey() key.generate_key(type, bits) return key - + + # Generate .csr/key files. def generateFiles(mkFile, request): - if mkFile == 'host.csr': - f = open(mkFile, "w") - f.write(str(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request))) + f = open(mkFile, "wb") + f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) f.close() + + # print test print(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) + elif mkFile == 'host.key': - f = open(mkFile, "w") - f.write(str(crypto.dump_privatekey(crypto.FILETYPE_PEM, request))) + f = open(mkFile, "wb") + f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request)) f.close() else: print("Failed.") From 63bc0738b4f1e161f1700acc1674e921c874b0c8 Mon Sep 17 00:00:00 2001 From: Ed Rantanen Date: Fri, 3 Jun 2016 17:43:39 -0400 Subject: [PATCH 5/9] mod to file name to 3.5 --- csrgen3.5.py | 133 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 csrgen3.5.py diff --git a/csrgen3.5.py b/csrgen3.5.py new file mode 100644 index 0000000..1f1920e --- /dev/null +++ b/csrgen3.5.py @@ -0,0 +1,133 @@ +#!/usr/bin/env python3 +# +# Generate a key, self-signed certificate, and certificate request. +# Usage: csrgen +# +# When more than one hostname is provided, a SAN (Subject Alternate Name) +# certificate and request are generated. This can be acheived by adding -s. +# Usage: csrgen -s +# +# Author: Courtney Cotton 06-25-2014 + +# mod'd for python 3.5 + + +# Libraries/Modules +from OpenSSL import crypto, SSL +import argparse + + +# Generate Certificate Signing Request (CSR) +def generateCSR(nodename, sans=[]): + while True: + C = input("Enter your Country Name (2 letter code) [US]: ") + if len(C) != 2: + print("You must enter two letters. You entered %r" % (C)) + continue + ST = input("Enter your State or Province []:California: ") + if len(ST) == 0: + print("Please enter your State or Province.") + continue + L = input("Enter your (Locality Name (eg, city) []:San Francisco: ") + if len(L) == 0: + print("Please enter your City.") + continue + O = input("Enter your Organization Name (eg, company) []:FTW Enterprise: ") + if len(L) == 0: + print("Please enter your Organization Name.") + continue + OU = input("Enter your Organizational Unit (eg, section) []:IT: ") + if len(OU) == 0: + print("Please enter your OU.") + continue + + # Allows you to permanently set values required for CSR + # To use, comment raw_input and uncomment this section. + # C = 'US' + # ST = 'New York' + # L = 'Location' + # O = 'Organization' + # OU = 'Organizational Unit' + + csrfile = 'host.csr' + keyfile = 'host.key' + TYPE_RSA = crypto.TYPE_RSA + # Appends SAN to have 'DNS:' + ss = [] + for i in sans: + ss.append("DNS: %s" % i) + ss = ", ".join(ss) + + req = crypto.X509Req() + req.get_subject().CN = nodename + req.get_subject().countryName = C + req.get_subject().stateOrProvinceName = ST + req.get_subject().localityName = L + req.get_subject().organizationName = O + req.get_subject().organizationalUnitName = OU + + # Add in extensions + # added bytearray to string + # before -> "keyUsage" + # after -> b"keyUsage" + + base_constraints = ([ + crypto.X509Extension(b"keyUsage", False, b"Digital Signature, Non Repudiation, Key Encipherment"), + crypto.X509Extension(b"basicConstraints", False, b"CA:FALSE"), + ]) + x509_extensions = base_constraints + # If there are SAN entries, append the base_constraints to include them. + if ss: + san_constraint = crypto.X509Extension(b"subjectAltName", False, ss) + x509_extensions.append(san_constraint) + req.add_extensions(x509_extensions) + # Utilizes generateKey function to kick off key generation. + key = generateKey(TYPE_RSA, 2048) + req.set_pubkey(key) + + # change to sha 256? + # req.sign(key, "sha1") + req.sign(key, "sha256") + + generateFiles(csrfile, req) + generateFiles(keyfile, key) + + return req + + +# Generate Private Key +def generateKey(type, bits): + key = crypto.PKey() + key.generate_key(type, bits) + return key + + +# Generate .csr/key files. +def generateFiles(mkFile, request): + if mkFile == 'host.csr': + f = open(mkFile, "wb") + f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) + f.close() + + # print test + print(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) + + elif mkFile == 'host.key': + f = open(mkFile, "wb") + f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request)) + f.close() + else: + print("Failed.") + exit() + + +# Run Portion + +parser = argparse.ArgumentParser() +parser.add_argument("name", help="Provide the FQDN", action="store") +parser.add_argument("-s", "--san", help="SANS", action="store", nargs='*', default="") +args = parser.parse_args() + +hostname = args.name +sans = args.san +generateCSR(hostname, sans) From 93ef3e2e4947d1a44eeb2f07e474bcb584f03307 Mon Sep 17 00:00:00 2001 From: Ed Rantanen Date: Fri, 3 Jun 2016 19:11:40 -0400 Subject: [PATCH 6/9] revert to 2.7 format removed unused imports --- csrgen.py | 158 +++++++++++++++++++++++++----------------------------- 1 file changed, 72 insertions(+), 86 deletions(-) diff --git a/csrgen.py b/csrgen.py index 1f1920e..d1cf7e8 100755 --- a/csrgen.py +++ b/csrgen.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python # # Generate a key, self-signed certificate, and certificate request. # Usage: csrgen @@ -9,120 +9,105 @@ # # Author: Courtney Cotton 06-25-2014 -# mod'd for python 3.5 - - # Libraries/Modules -from OpenSSL import crypto, SSL + import argparse +from OpenSSL import crypto # Generate Certificate Signing Request (CSR) -def generateCSR(nodename, sans=[]): - while True: - C = input("Enter your Country Name (2 letter code) [US]: ") - if len(C) != 2: - print("You must enter two letters. You entered %r" % (C)) - continue - ST = input("Enter your State or Province []:California: ") - if len(ST) == 0: - print("Please enter your State or Province.") - continue - L = input("Enter your (Locality Name (eg, city) []:San Francisco: ") - if len(L) == 0: - print("Please enter your City.") - continue - O = input("Enter your Organization Name (eg, company) []:FTW Enterprise: ") - if len(L) == 0: - print("Please enter your Organization Name.") - continue - OU = input("Enter your Organizational Unit (eg, section) []:IT: ") - if len(OU) == 0: - print("Please enter your OU.") - continue +def generateCSR(nodename, sans = []): - # Allows you to permanently set values required for CSR - # To use, comment raw_input and uncomment this section. - # C = 'US' - # ST = 'New York' - # L = 'Location' - # O = 'Organization' - # OU = 'Organizational Unit' + while True: + C = raw_input("Enter your Country Name (2 letter code) [US]: ") + if len(C) != 2: + print "You must enter two letters. You entered %r" % (C) + continue + ST = raw_input("Enter your State or Province []:California: ") + if len(ST) == 0: + print "Please enter your State or Province." + continue + L = raw_input("Enter your (Locality Name (eg, city) []:San Francisco: ") + if len(L) == 0: + print "Please enter your City." + continue + O = raw_input("Enter your Organization Name (eg, company) []:FTW Enterprise: ") + if len(L) == 0: + print "Please enter your Organization Name." + continue + OU = raw_input("Enter your Organizational Unit (eg, section) []:IT: ") + if len(OU) == 0: + print "Please enter your OU." + continue - csrfile = 'host.csr' - keyfile = 'host.key' - TYPE_RSA = crypto.TYPE_RSA - # Appends SAN to have 'DNS:' - ss = [] - for i in sans: - ss.append("DNS: %s" % i) - ss = ", ".join(ss) + # Allows you to permanently set values required for CSR + # To use, comment raw_input and uncomment this section. + # C = 'US' + # ST = 'New York' + # L = 'Location' + # O = 'Organization' + # OU = 'Organizational Unit' - req = crypto.X509Req() - req.get_subject().CN = nodename - req.get_subject().countryName = C - req.get_subject().stateOrProvinceName = ST - req.get_subject().localityName = L - req.get_subject().organizationName = O - req.get_subject().organizationalUnitName = OU - - # Add in extensions - # added bytearray to string - # before -> "keyUsage" - # after -> b"keyUsage" - - base_constraints = ([ - crypto.X509Extension(b"keyUsage", False, b"Digital Signature, Non Repudiation, Key Encipherment"), - crypto.X509Extension(b"basicConstraints", False, b"CA:FALSE"), - ]) - x509_extensions = base_constraints - # If there are SAN entries, append the base_constraints to include them. - if ss: - san_constraint = crypto.X509Extension(b"subjectAltName", False, ss) - x509_extensions.append(san_constraint) - req.add_extensions(x509_extensions) - # Utilizes generateKey function to kick off key generation. - key = generateKey(TYPE_RSA, 2048) - req.set_pubkey(key) - - # change to sha 256? - # req.sign(key, "sha1") - req.sign(key, "sha256") - - generateFiles(csrfile, req) - generateFiles(keyfile, key) - - return req + csrfile = 'host.csr' + keyfile = 'host.key' + TYPE_RSA = crypto.TYPE_RSA + # Appends SAN to have 'DNS:' + ss = [] + for i in sans: + ss.append("DNS: %s" % i) + ss = ", ".join(ss) + req = crypto.X509Req() + req.get_subject().CN = nodename + req.get_subject().countryName = C + req.get_subject().stateOrProvinceName = ST + req.get_subject().localityName = L + req.get_subject().organizationName = O + req.get_subject().organizationalUnitName = OU + # Add in extensions + base_constraints = ([ + crypto.X509Extension("keyUsage", False, "Digital Signature, Non Repudiation, Key Encipherment"), + crypto.X509Extension("basicConstraints", False, "CA:FALSE"), + ]) + x509_extensions = base_constraints + # If there are SAN entries, append the base_constraints to include them. + if ss: + san_constraint = crypto.X509Extension("subjectAltName", False, ss) + x509_extensions.append(san_constraint) + req.add_extensions(x509_extensions) + # Utilizes generateKey function to kick off key generation. + key = generateKey(TYPE_RSA, 2048) + req.set_pubkey(key) + req.sign(key, "sha1") + generateFiles(csrfile, req) + generateFiles(keyfile, key) + return req # Generate Private Key def generateKey(type, bits): + key = crypto.PKey() key.generate_key(type, bits) return key - # Generate .csr/key files. def generateFiles(mkFile, request): + if mkFile == 'host.csr': - f = open(mkFile, "wb") + f = open(mkFile, "w") f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) f.close() - - # print test - print(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) - + print crypto.dump_certificate_request(crypto.FILETYPE_PEM, request) elif mkFile == 'host.key': - f = open(mkFile, "wb") + f = open(mkFile, "w") f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, request)) f.close() else: - print("Failed.") + print "Failed." exit() # Run Portion - parser = argparse.ArgumentParser() parser.add_argument("name", help="Provide the FQDN", action="store") parser.add_argument("-s", "--san", help="SANS", action="store", nargs='*', default="") @@ -130,4 +115,5 @@ args = parser.parse_args() hostname = args.name sans = args.san + generateCSR(hostname, sans) From 519f9d0b56acf4cfb02294af9bf021849be3cd8c Mon Sep 17 00:00:00 2001 From: Ed Rantanen Date: Fri, 3 Jun 2016 19:14:01 -0400 Subject: [PATCH 7/9] updated sha to 256 --- csrgen.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/csrgen.py b/csrgen.py index d1cf7e8..ac97f33 100755 --- a/csrgen.py +++ b/csrgen.py @@ -78,9 +78,14 @@ def generateCSR(nodename, sans = []): # Utilizes generateKey function to kick off key generation. key = generateKey(TYPE_RSA, 2048) req.set_pubkey(key) - req.sign(key, "sha1") + + #update sha? + #req.sign(key, "sha1") + req.sign(key, "sha256") + generateFiles(csrfile, req) generateFiles(keyfile, key) + return req # Generate Private Key From 149f7a1f8823f0fb41e699dc8ca5ce7125aab6c3 Mon Sep 17 00:00:00 2001 From: Ed Rantanen Date: Fri, 3 Jun 2016 19:23:42 -0400 Subject: [PATCH 8/9] clean-up --- csrgen.py | 2 +- csrgen3.5.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) mode change 100644 => 100755 csrgen3.5.py diff --git a/csrgen.py b/csrgen.py index ac97f33..da069d7 100755 --- a/csrgen.py +++ b/csrgen.py @@ -85,7 +85,7 @@ def generateCSR(nodename, sans = []): generateFiles(csrfile, req) generateFiles(keyfile, key) - + return req # Generate Private Key diff --git a/csrgen3.5.py b/csrgen3.5.py old mode 100644 new mode 100755 index 1f1920e..f2b15f5 --- a/csrgen3.5.py +++ b/csrgen3.5.py @@ -110,7 +110,7 @@ def generateFiles(mkFile, request): f.close() # print test - print(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) + #print(crypto.dump_certificate_request(crypto.FILETYPE_PEM, request)) elif mkFile == 'host.key': f = open(mkFile, "wb") From e7de38af304c62c040145b4eafbb3921f2cee94f Mon Sep 17 00:00:00 2001 From: Ed Rantanen Date: Fri, 3 Jun 2016 19:32:30 -0400 Subject: [PATCH 9/9] changed file name --- csrgen3.5.py => csrgen35.py | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename csrgen3.5.py => csrgen35.py (100%) diff --git a/csrgen3.5.py b/csrgen35.py similarity index 100% rename from csrgen3.5.py rename to csrgen35.py