python openssl x509 CA


Marcin Jurczuk

Hello,
I'm fighting with Certificate Authority functionality in Python.
I'm stuck on the following problem: how to sign a CSR using the CA key and write
the resulting certificate.

You can do it using the following openssl command:
openssl ca -cert CA/cert.pem -keyfile CA/private/cakey.pem -policy policy_anything -out user_cert.pem -infiles userreq.pem

My try was:

import OpenSSL.crypto as pki
# load CA key:
ca_key = pki.load_privatekey(pki.FILETYPE_PEM, open('CA/private/cakey.pem').read(), 'haselko')
# load user's csr:
csr = pki.load_certificate_request(pki.FILETYPE_PEM, open('userreq.pem').read())
# sign csr
csr.sign(ca_key, 'sha1')

I don't get any errors, however I don't see any way to write or get
the result from such an operation.
csr exports the following methods:
csr.add_extensions csr.get_pubkey csr.get_subject
csr.set_pubkey csr.sign csr.verify

I want to create a pure Python implementation without the use of openssl
wrapped with Python code.

Regards,
 

M.-A. Lemburg

You need to use crypto.dump_certificate() to dump and then
write the certificate back to disk.

BTW: There's a good example in the pyOpenSSL examples dir
for these things:

http://svn.dave.cridland.net/svn/projects/pyopenssl/dwd/examples/certgen.py
http://svn.dave.cridland.net/svn/projects/pyopenssl/dwd/examples/mk_simple_certs.py

Marcin Jurczuk said:
I want to create a pure Python implementation without the use of openssl
wrapped with Python code.

Good luck with that :)

--
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source (#1, Oct 31 2008)

eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
 

Paul Rubin

Marcin Jurczuk said:
I want to create a pure Python implementation without the use of openssl
wrapped with Python code.

There was a CA written in Python quite a while back, http://pyca.de .
I don't know if it's maintained these days.
 

Michael Ströder

Paul said:
There was a CA written in Python quite a while back, http://pyca.de .

That was the usual approach with invoking the openssl command-line tool
from Python. Today I'd do *everything* differently. Well, it was the
result of learning Python, PKI, LDAP and web programming all at once
back then.

Paul said:
I don't know if it's maintained these days.

No, it's not. Being the author I know this for sure. ;-)

Ciao, Michael.
 
