diff --git a/README.md b/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..2a528c274b1529f7f1c12ecc2592567f5e3f9b19
--- /dev/null
+++ b/README.md
@@ -0,0 +1,12 @@
+# Script usage
+
+```python
+python blablae [...]
+```
+
+# Usefull commands
+
+```bash
+# Check x509 cert
+openssl x509 -inform pem -noout -text -in newcompany/certs/out.pem
+```
diff --git a/full_chain.pem b/full_chain.pem
index 3f17259c20b06877c1a29dfd0109bcc00e77f122..ec80b1a7229906b89e7f068cb308e449072e531e 100644
--- a/full_chain.pem
+++ b/full_chain.pem
@@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE----- -MIIElzCCAn+gAwIBAgIUQyTmBMwNZLDzhYYaTstXHDfF1nIwDQYJKoZIhvcNAQEL +MIIElzCCAn+gAwIBAgIUfyoibwTPz40aYxk3lx1HRXMS37QwDQYJKoZIhvcNAQEL BQAwXjELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNl IFRpbmRlciBTYXJsMQwwCgYDVQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUu -Y2gwHhcNMjQwNjE4MTYyODAyWhcNMjUwNjE4MTYyODAyWjBbMQswCQYDVQQGEwJD +Y2gwHhcNMjQwNjE4MTY0NzI0WhcNMjUwNjE4MTY0NzI0WjBbMQswCQYDVQQGEwJD SDEPMA0GA1UECAwGR2VuZXZhMQ8wDQYDVQQHDAZHZW5ldmExEDAOBgNVBAoMB0Nv bXBhbnkxGDAWBgNVBAMMD2NvbXBhbnkuYmliaS5jaDCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAK+IC/2VqLLJ/PzzWeV2dbsvxUIrg26UJZnxJ5FlK1tg
@@ -12,18 +12,18 @@ etgMp4zQ4UNDZjECzsQ46Hp3WqpdeAVxFxblfDPlrVBnAdWnlbBdZ3798XHDOvDX Josmoc8DnWkkiVOmL0KFKw9R7dAhWyTXnVojqotPxGZPbDwwPv0QSaSsolrPQ9x4 BOSf/QgZKQXW0Q35UgDT0bzT+wIyUezu3prJRd/2oIsCAwEAAaNQME4wHQYDVR0O BBYEFJbDmkp+DYOTwK255fK13gEd1u15MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX -5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAEYhZk97 -GQWYn9tJqdS8yTeza6bia+hbh2oIEUDZRe3AV/DJrqh3GoG8VqjESWWYUF/NESoL -KrEaAl5JQYKCbrcRcqcUNpfEz9CiCDRYomu4MfJSZFuqTTIcUdo7uFg1RxEkjRO9 -uudcdghQU1CQ03GdkKVAFtDVRpGvK+Ir85Bd/Wh56ql5QjNbGSGPWAaU9vxVZ5Fk -FT4XtEHpZalO1vuR1VuXu0Go6Looko/+cDb8UlV+Qbxt+WxzErvPgrkt9+UJDs7o -R1v5tIFLE1T3vsfucrlRn4Huj3VFh5LcuWuYtnONJ1hIqrwaJm1leHm7OuJRH/qb -o4b4LIBrqdLetYKvcsE+tIOA/lkkXwlD17+CqW0lJtfLhlhgxkQBV06kMufO4Bf+ -BstnY20eqXxAf57L7v/EZvmVpqgkraWdrdNYcE5HfFXmODsvcdo2i49ZZ8Q1jj67 -FBiKR4wTE5goARvK/iF4ZHCo4hyOist2eO9R8ZYYkYZiTagkh9DDXodAq6tehAcp -BkBAKDJV5WX84A+2hEqN6cMYYK8Nu5q3mH0WdQUPK4dhxzOHchRPIIL294iIdru6 -J8q8hxrw0fgupOGS7Xwc/XBkIMG2xbCYxVxJhjKPYg/RcqQIPmt2LB/t2DdNVErj -MZwEPki6N1FqBKWzsK4tg8IHMAnTeWJVE3eB +5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBABrE4lRC +5ib2dY/xG1Cf3EeBQtOlqNIZ4p+ziweBsHCffhJAroTojneuHd8yXjJk1mbVOGqe +o5mVqCu30h33LfqoZQbnHKWAdc3C3oBmWrTp/NpUS9Swz/HHgRu26HnuLBXlG1ZD +fxoBRD1PFxpLyHLxiNEWTofC/jo0UuOEIGsVyMs87WiYchbzwbk3XpF8ItZ1PUjf +GV0j5P5OuIocRFVVfdPLsifKBsyUmZR0dORHif2+9XKbBJPWptF4PgmBqWFCKLev +pMWBNbQCqAjFzZTXw6sOabACAuaspVigqSC7qJ3bOkIUsnh8YzFlyv44YHCYpDxW +vHcnMrDkQ9Hrs3UpIiewyFKyzv4gLpsEm+I1jcxLLUh1lvLH7ZBVQf4U+wjcBLij +CsMmXi83qXsiIuWfTjn3F+UKpmDy3c4C/Vst4shdu3F7xOxljU3p5RzEi3qQPYMc +UrAHnnwoaaRAz3k7zl9p6u0RbIZavYkZAyoMGne1ynaphIb2AJFHBUsldRAUGR26 +2IKDLfeoQPOERmifKAJ2QSHgLribQKWDH4wL6fwCKJNFnedpSeh35I79NyE+icMh +8NvB/H52KLkc0P+J8lBPIJ3fJVuSlgeVqa8EgZg/Kucf0WH3YdBaJ+USaiYkWiJh +o93HAye1hrAzzTR+9qghzOPrSHMUwJXY7af7 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y 
diff --git a/gen_cert.py b/gen_cert.py
index 4eb9fb5da015b48d69b4d7e55f8a3670b299fa0c..e760deae30e602f4305e99bff074649792d97674 100644
--- a/gen_cert.py
+++ b/gen_cert.py
@@ -1,4 +1,4 @@
-
+import os
 import datetime
 import argparse
 from cryptography import x509
@@ -35,9 +35,9 @@ def create_certificate(csr, issuer_cert, issuer_key, is_intermediate=False):
 ).serial_number(
 x509.random_serial_number()
 ).not_valid_before(
- datetime.datetime.utcnow()
+ datetime.datetime.now(datetime.UTC)
 ).not_valid_after(
- datetime.datetime.utcnow() + datetime.timedelta(days=365)
+ datetime.datetime.now(datetime.UTC) + datetime.timedelta(days=365)
 ).add_extension(
 x509.SubjectKeyIdentifier.from_public_key(csr.public_key()),
 critical=False
@@ -46,6 +46,7 @@ def create_certificate(csr, issuer_cert, issuer_key, is_intermediate=False):
 issuer_cert.public_key()),
 critical=False
 ).add_extension(
+ # is_intermediate: True => new cert can sign certificates
 x509.BasicConstraints(ca=is_intermediate, path_length=None),
 critical=True
 )
@@ -74,7 +75,16 @@ def main():
 csr_path = args.csr_path
 output_cert_path = args.output_cert_path
- ca_cert, ca_key = load_ca(ca_cert_path, ca_key_path, ca_key_password=b"admin1234")
+ os.system("stty -echo")
+ ca_pass = input("Enter private key password: ")
+ os.system("stty echo")
+ print("\n")
+
+ try:
+ ca_cert, ca_key = load_ca(ca_cert_path, ca_key_path, ca_key_password=ca_pass.encode())
+ except:
+ print("Bad password")
+ exit(1)
 csr = load_csr(csr_path)
@@ -86,6 +96,8 @@ def main():
 f.write(signed_cert.public_bytes(serialization.Encoding.PEM))
 f.write(ca_cert.public_bytes(serialization.Encoding.PEM))
+ print(f"Certificate {csr_path} saved at {output_cert_path}. Signed by {ca_cert_path}")
+
 if __name__ == "__main__": main()
diff --git a/newcompany/certs/out.pem b/newcompany/certs/out.pem
index 2a4000fc644bb2b970c92e7f729b53601c0990e2..06983db914841e390f75a1a22d8cae8210d27191 100644
--- a/newcompany/certs/out.pem
+++ b/newcompany/certs/out.pem
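Review bot: `datetime.UTC` in the two validity calls of the `-35,9` hunk exists only from Python 3.11, so on an older interpreter the script now fails with AttributeError; `datetime.timezone.utc` is the same object and works on earlier versions too. The clock is also read twice, so the window is not exactly 365 days; reading it once as `now = datetime.datetime.now(datetime.timezone.utc)` and passing `now` and `now + datetime.timedelta(days=365)` avoids that. create_certificate starts and ends outside the hunk.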
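Review bot: The comment added in the `-46,6` hunk explains `ca=is_intermediate` but says nothing about `path_length=None`, which for an intermediate means there is no limit on how many further CA levels it may issue. If intermediates signed by this script are only meant to sign end-entity certificates, `x509.BasicConstraints(ca=is_intermediate, path_length=0 if is_intermediate else None)` states that (path_length has to stay None when ca is False). No KeyUsage extension is visible in this hunk; create_certificate starts and ends outside it, so that may be set elsewhere.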
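Review bot: The password prompt added to `main()` in the `-74,7` hunk turns echo off with `os.system("stty -echo")` and restores it only on the normal path, so Ctrl-C or EOF during `input()` leaves the terminal without echo, and the `stty` call has no effect on Windows; `ca_pass = getpass.getpass("Enter private key password: ")` handles this and makes the new `import os` unnecessary. The bare `except:` then reports every failure of `load_ca` as "Bad password", including a missing or unreadable CA file and KeyboardInterrupt. Narrowing it to `except ValueError:` would keep other errors visible, assuming `load_ca` uses cryptography's PEM key loader, which raises ValueError for a wrong password; its body is outside the hunk. The removed literal `b"admin1234"` remains in the repository history, so the CA key passphrase should be changed if that key is used for anything beyond testing.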
@@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE----- -MIIElzCCAn+gAwIBAgIUQyTmBMwNZLDzhYYaTstXHDfF1nIwDQYJKoZIhvcNAQEL +MIIElzCCAn+gAwIBAgIUfyoibwTPz40aYxk3lx1HRXMS37QwDQYJKoZIhvcNAQEL BQAwXjELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNl IFRpbmRlciBTYXJsMQwwCgYDVQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUu -Y2gwHhcNMjQwNjE4MTYyODAyWhcNMjUwNjE4MTYyODAyWjBbMQswCQYDVQQGEwJD +Y2gwHhcNMjQwNjE4MTY0NzI0WhcNMjUwNjE4MTY0NzI0WjBbMQswCQYDVQQGEwJD SDEPMA0GA1UECAwGR2VuZXZhMQ8wDQYDVQQHDAZHZW5ldmExEDAOBgNVBAoMB0Nv bXBhbnkxGDAWBgNVBAMMD2NvbXBhbnkuYmliaS5jaDCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAK+IC/2VqLLJ/PzzWeV2dbsvxUIrg26UJZnxJ5FlK1tg 
@@ -12,16 +12,16 @@ etgMp4zQ4UNDZjECzsQ46Hp3WqpdeAVxFxblfDPlrVBnAdWnlbBdZ3798XHDOvDX Josmoc8DnWkkiVOmL0KFKw9R7dAhWyTXnVojqotPxGZPbDwwPv0QSaSsolrPQ9x4 BOSf/QgZKQXW0Q35UgDT0bzT+wIyUezu3prJRd/2oIsCAwEAAaNQME4wHQYDVR0O BBYEFJbDmkp+DYOTwK255fK13gEd1u15MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX -5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAEYhZk97 -GQWYn9tJqdS8yTeza6bia+hbh2oIEUDZRe3AV/DJrqh3GoG8VqjESWWYUF/NESoL -KrEaAl5JQYKCbrcRcqcUNpfEz9CiCDRYomu4MfJSZFuqTTIcUdo7uFg1RxEkjRO9 -uudcdghQU1CQ03GdkKVAFtDVRpGvK+Ir85Bd/Wh56ql5QjNbGSGPWAaU9vxVZ5Fk -FT4XtEHpZalO1vuR1VuXu0Go6Looko/+cDb8UlV+Qbxt+WxzErvPgrkt9+UJDs7o -R1v5tIFLE1T3vsfucrlRn4Huj3VFh5LcuWuYtnONJ1hIqrwaJm1leHm7OuJRH/qb -o4b4LIBrqdLetYKvcsE+tIOA/lkkXwlD17+CqW0lJtfLhlhgxkQBV06kMufO4Bf+ -BstnY20eqXxAf57L7v/EZvmVpqgkraWdrdNYcE5HfFXmODsvcdo2i49ZZ8Q1jj67 -FBiKR4wTE5goARvK/iF4ZHCo4hyOist2eO9R8ZYYkYZiTagkh9DDXodAq6tehAcp -BkBAKDJV5WX84A+2hEqN6cMYYK8Nu5q3mH0WdQUPK4dhxzOHchRPIIL294iIdru6 -J8q8hxrw0fgupOGS7Xwc/XBkIMG2xbCYxVxJhjKPYg/RcqQIPmt2LB/t2DdNVErj -MZwEPki6N1FqBKWzsK4tg8IHMAnTeWJVE3eB +5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBABrE4lRC +5ib2dY/xG1Cf3EeBQtOlqNIZ4p+ziweBsHCffhJAroTojneuHd8yXjJk1mbVOGqe +o5mVqCu30h33LfqoZQbnHKWAdc3C3oBmWrTp/NpUS9Swz/HHgRu26HnuLBXlG1ZD +fxoBRD1PFxpLyHLxiNEWTofC/jo0UuOEIGsVyMs87WiYchbzwbk3XpF8ItZ1PUjf +GV0j5P5OuIocRFVVfdPLsifKBsyUmZR0dORHif2+9XKbBJPWptF4PgmBqWFCKLev +pMWBNbQCqAjFzZTXw6sOabACAuaspVigqSC7qJ3bOkIUsnh8YzFlyv44YHCYpDxW +vHcnMrDkQ9Hrs3UpIiewyFKyzv4gLpsEm+I1jcxLLUh1lvLH7ZBVQf4U+wjcBLij +CsMmXi83qXsiIuWfTjn3F+UKpmDy3c4C/Vst4shdu3F7xOxljU3p5RzEi3qQPYMc +UrAHnnwoaaRAz3k7zl9p6u0RbIZavYkZAyoMGne1ynaphIb2AJFHBUsldRAUGR26 +2IKDLfeoQPOERmifKAJ2QSHgLribQKWDH4wL6fwCKJNFnedpSeh35I79NyE+icMh +8NvB/H52KLkc0P+J8lBPIJ3fJVuSlgeVqa8EgZg/Kucf0WH3YdBaJ+USaiYkWiJh +o93HAye1hrAzzTR+9qghzOPrSHMUwJXY7af7 -----END CERTIFICATE-----