Commit b05aaf89 authored by brian's avatar brian

fixed script

parent 0016b2ce
# Script usage
```python
python blablae [...]
```
# Usefull commands
```bash
# Check x509 cert
openssl x509 -inform pem -noout -text -in newcompany/certs/out.pem
```
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIElzCCAn+gAwIBAgIUQyTmBMwNZLDzhYYaTstXHDfF1nIwDQYJKoZIhvcNAQEL MIIElzCCAn+gAwIBAgIUfyoibwTPz40aYxk3lx1HRXMS37QwDQYJKoZIhvcNAQEL
BQAwXjELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNl BQAwXjELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNl
IFRpbmRlciBTYXJsMQwwCgYDVQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUu IFRpbmRlciBTYXJsMQwwCgYDVQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUu
Y2gwHhcNMjQwNjE4MTYyODAyWhcNMjUwNjE4MTYyODAyWjBbMQswCQYDVQQGEwJD Y2gwHhcNMjQwNjE4MTY0NzI0WhcNMjUwNjE4MTY0NzI0WjBbMQswCQYDVQQGEwJD
SDEPMA0GA1UECAwGR2VuZXZhMQ8wDQYDVQQHDAZHZW5ldmExEDAOBgNVBAoMB0Nv SDEPMA0GA1UECAwGR2VuZXZhMQ8wDQYDVQQHDAZHZW5ldmExEDAOBgNVBAoMB0Nv
bXBhbnkxGDAWBgNVBAMMD2NvbXBhbnkuYmliaS5jaDCCASIwDQYJKoZIhvcNAQEB bXBhbnkxGDAWBgNVBAMMD2NvbXBhbnkuYmliaS5jaDCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAK+IC/2VqLLJ/PzzWeV2dbsvxUIrg26UJZnxJ5FlK1tg BQADggEPADCCAQoCggEBAK+IC/2VqLLJ/PzzWeV2dbsvxUIrg26UJZnxJ5FlK1tg
...@@ -12,18 +12,18 @@ etgMp4zQ4UNDZjECzsQ46Hp3WqpdeAVxFxblfDPlrVBnAdWnlbBdZ3798XHDOvDX ...@@ -12,18 +12,18 @@ etgMp4zQ4UNDZjECzsQ46Hp3WqpdeAVxFxblfDPlrVBnAdWnlbBdZ3798XHDOvDX
Josmoc8DnWkkiVOmL0KFKw9R7dAhWyTXnVojqotPxGZPbDwwPv0QSaSsolrPQ9x4 Josmoc8DnWkkiVOmL0KFKw9R7dAhWyTXnVojqotPxGZPbDwwPv0QSaSsolrPQ9x4
BOSf/QgZKQXW0Q35UgDT0bzT+wIyUezu3prJRd/2oIsCAwEAAaNQME4wHQYDVR0O BOSf/QgZKQXW0Q35UgDT0bzT+wIyUezu3prJRd/2oIsCAwEAAaNQME4wHQYDVR0O
BBYEFJbDmkp+DYOTwK255fK13gEd1u15MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX BBYEFJbDmkp+DYOTwK255fK13gEd1u15MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX
5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAEYhZk97 5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBABrE4lRC
GQWYn9tJqdS8yTeza6bia+hbh2oIEUDZRe3AV/DJrqh3GoG8VqjESWWYUF/NESoL 5ib2dY/xG1Cf3EeBQtOlqNIZ4p+ziweBsHCffhJAroTojneuHd8yXjJk1mbVOGqe
KrEaAl5JQYKCbrcRcqcUNpfEz9CiCDRYomu4MfJSZFuqTTIcUdo7uFg1RxEkjRO9 o5mVqCu30h33LfqoZQbnHKWAdc3C3oBmWrTp/NpUS9Swz/HHgRu26HnuLBXlG1ZD
uudcdghQU1CQ03GdkKVAFtDVRpGvK+Ir85Bd/Wh56ql5QjNbGSGPWAaU9vxVZ5Fk fxoBRD1PFxpLyHLxiNEWTofC/jo0UuOEIGsVyMs87WiYchbzwbk3XpF8ItZ1PUjf
FT4XtEHpZalO1vuR1VuXu0Go6Looko/+cDb8UlV+Qbxt+WxzErvPgrkt9+UJDs7o GV0j5P5OuIocRFVVfdPLsifKBsyUmZR0dORHif2+9XKbBJPWptF4PgmBqWFCKLev
R1v5tIFLE1T3vsfucrlRn4Huj3VFh5LcuWuYtnONJ1hIqrwaJm1leHm7OuJRH/qb pMWBNbQCqAjFzZTXw6sOabACAuaspVigqSC7qJ3bOkIUsnh8YzFlyv44YHCYpDxW
o4b4LIBrqdLetYKvcsE+tIOA/lkkXwlD17+CqW0lJtfLhlhgxkQBV06kMufO4Bf+ vHcnMrDkQ9Hrs3UpIiewyFKyzv4gLpsEm+I1jcxLLUh1lvLH7ZBVQf4U+wjcBLij
BstnY20eqXxAf57L7v/EZvmVpqgkraWdrdNYcE5HfFXmODsvcdo2i49ZZ8Q1jj67 CsMmXi83qXsiIuWfTjn3F+UKpmDy3c4C/Vst4shdu3F7xOxljU3p5RzEi3qQPYMc
FBiKR4wTE5goARvK/iF4ZHCo4hyOist2eO9R8ZYYkYZiTagkh9DDXodAq6tehAcp UrAHnnwoaaRAz3k7zl9p6u0RbIZavYkZAyoMGne1ynaphIb2AJFHBUsldRAUGR26
BkBAKDJV5WX84A+2hEqN6cMYYK8Nu5q3mH0WdQUPK4dhxzOHchRPIIL294iIdru6 2IKDLfeoQPOERmifKAJ2QSHgLribQKWDH4wL6fwCKJNFnedpSeh35I79NyE+icMh
J8q8hxrw0fgupOGS7Xwc/XBkIMG2xbCYxVxJhjKPYg/RcqQIPmt2LB/t2DdNVErj 8NvB/H52KLkc0P+J8lBPIJ3fJVuSlgeVqa8EgZg/Kucf0WH3YdBaJ+USaiYkWiJh
MZwEPki6N1FqBKWzsK4tg8IHMAnTeWJVE3eB o93HAye1hrAzzTR+9qghzOPrSHMUwJXY7af7
-----END CERTIFICATE----- -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y MIIFsDCCA5igAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwcDEXMBUGA1UEAwwOaG9y
......
import os
import datetime import datetime
import argparse import argparse
from cryptography import x509 from cryptography import x509
...@@ -35,9 +35,9 @@ def create_certificate(csr, issuer_cert, issuer_key, is_intermediate=False): ...@@ -35,9 +35,9 @@ def create_certificate(csr, issuer_cert, issuer_key, is_intermediate=False):
).serial_number( ).serial_number(
x509.random_serial_number() x509.random_serial_number()
).not_valid_before( ).not_valid_before(
datetime.datetime.utcnow() datetime.datetime.now(datetime.UTC)
).not_valid_after( ).not_valid_after(
datetime.datetime.utcnow() + datetime.timedelta(days=365) datetime.datetime.now(datetime.UTC) + datetime.timedelta(days=365)
).add_extension( ).add_extension(
x509.SubjectKeyIdentifier.from_public_key(csr.public_key()), x509.SubjectKeyIdentifier.from_public_key(csr.public_key()),
critical=False critical=False
...@@ -46,6 +46,7 @@ def create_certificate(csr, issuer_cert, issuer_key, is_intermediate=False): ...@@ -46,6 +46,7 @@ def create_certificate(csr, issuer_cert, issuer_key, is_intermediate=False):
issuer_cert.public_key()), issuer_cert.public_key()),
critical=False critical=False
).add_extension( ).add_extension(
# is_intermediate: True => new cert can sign certificates
x509.BasicConstraints(ca=is_intermediate, path_length=None), x509.BasicConstraints(ca=is_intermediate, path_length=None),
critical=True critical=True
) )
...@@ -74,7 +75,16 @@ def main(): ...@@ -74,7 +75,16 @@ def main():
csr_path = args.csr_path csr_path = args.csr_path
output_cert_path = args.output_cert_path output_cert_path = args.output_cert_path
ca_cert, ca_key = load_ca(ca_cert_path, ca_key_path, ca_key_password=b"admin1234") os.system("stty -echo")
ca_pass = input("Enter private key password: ")
os.system("stty echo")
print("\n")
try:
ca_cert, ca_key = load_ca(ca_cert_path, ca_key_path, ca_key_password=ca_pass.encode())
except:
print("Bad password")
exit(1)
csr = load_csr(csr_path) csr = load_csr(csr_path)
...@@ -86,6 +96,8 @@ def main(): ...@@ -86,6 +96,8 @@ def main():
f.write(signed_cert.public_bytes(serialization.Encoding.PEM)) f.write(signed_cert.public_bytes(serialization.Encoding.PEM))
f.write(ca_cert.public_bytes(serialization.Encoding.PEM)) f.write(ca_cert.public_bytes(serialization.Encoding.PEM))
print(f"Certificate {csr_path} saved at {output_cert_path}. Signed by {ca_cert_path}")
if __name__ == "__main__": if __name__ == "__main__":
main() main()
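Review bot: In the main() hunk the prompt disables echo with `os.system("stty -echo")` and restores it only on the normal path, so a Ctrl-C or EOF at `input()` leaves the terminal with echo off, and where `stty` is unavailable the password is shown while typed; `ca_pass = getpass.getpass("Enter private key password: ")` (plus `import getpass`) replaces the three lines and restores the terminal itself. The bare `except:` around `load_ca` prints "Bad password" for every failure, including a missing or malformed key file, and it also catches KeyboardInterrupt; if load_ca relies on cryptography's PEM loader, which is not visible here, `except (ValueError, TypeError):` would be the narrower form. The literal password this change removes stays readable in the repository history, so the CA key it protected should be re-encrypted with a new passphrase. main() starts and ends outside the hunk.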
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIElzCCAn+gAwIBAgIUQyTmBMwNZLDzhYYaTstXHDfF1nIwDQYJKoZIhvcNAQEL MIIElzCCAn+gAwIBAgIUfyoibwTPz40aYxk3lx1HRXMS37QwDQYJKoZIhvcNAQEL
BQAwXjELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNl BQAwXjELMAkGA1UEBhMCQ0gxDTALBgNVBAgMBFZhdWQxGjAYBgNVBAoMEUhvcnNl
IFRpbmRlciBTYXJsMQwwCgYDVQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUu IFRpbmRlciBTYXJsMQwwCgYDVQQLDANJU0MxFjAUBgNVBAMMDWFuZHJld3RhdGUu
Y2gwHhcNMjQwNjE4MTYyODAyWhcNMjUwNjE4MTYyODAyWjBbMQswCQYDVQQGEwJD Y2gwHhcNMjQwNjE4MTY0NzI0WhcNMjUwNjE4MTY0NzI0WjBbMQswCQYDVQQGEwJD
SDEPMA0GA1UECAwGR2VuZXZhMQ8wDQYDVQQHDAZHZW5ldmExEDAOBgNVBAoMB0Nv SDEPMA0GA1UECAwGR2VuZXZhMQ8wDQYDVQQHDAZHZW5ldmExEDAOBgNVBAoMB0Nv
bXBhbnkxGDAWBgNVBAMMD2NvbXBhbnkuYmliaS5jaDCCASIwDQYJKoZIhvcNAQEB bXBhbnkxGDAWBgNVBAMMD2NvbXBhbnkuYmliaS5jaDCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAK+IC/2VqLLJ/PzzWeV2dbsvxUIrg26UJZnxJ5FlK1tg BQADggEPADCCAQoCggEBAK+IC/2VqLLJ/PzzWeV2dbsvxUIrg26UJZnxJ5FlK1tg
...@@ -12,16 +12,16 @@ etgMp4zQ4UNDZjECzsQ46Hp3WqpdeAVxFxblfDPlrVBnAdWnlbBdZ3798XHDOvDX ...@@ -12,16 +12,16 @@ etgMp4zQ4UNDZjECzsQ46Hp3WqpdeAVxFxblfDPlrVBnAdWnlbBdZ3798XHDOvDX
Josmoc8DnWkkiVOmL0KFKw9R7dAhWyTXnVojqotPxGZPbDwwPv0QSaSsolrPQ9x4 Josmoc8DnWkkiVOmL0KFKw9R7dAhWyTXnVojqotPxGZPbDwwPv0QSaSsolrPQ9x4
BOSf/QgZKQXW0Q35UgDT0bzT+wIyUezu3prJRd/2oIsCAwEAAaNQME4wHQYDVR0O BOSf/QgZKQXW0Q35UgDT0bzT+wIyUezu3prJRd/2oIsCAwEAAaNQME4wHQYDVR0O
BBYEFJbDmkp+DYOTwK255fK13gEd1u15MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX BBYEFJbDmkp+DYOTwK255fK13gEd1u15MB8GA1UdIwQYMBaAFN6ATyzm7FYoUHlX
5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAEYhZk97 5afUB9g9RLGTMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBABrE4lRC
GQWYn9tJqdS8yTeza6bia+hbh2oIEUDZRe3AV/DJrqh3GoG8VqjESWWYUF/NESoL 5ib2dY/xG1Cf3EeBQtOlqNIZ4p+ziweBsHCffhJAroTojneuHd8yXjJk1mbVOGqe
KrEaAl5JQYKCbrcRcqcUNpfEz9CiCDRYomu4MfJSZFuqTTIcUdo7uFg1RxEkjRO9 o5mVqCu30h33LfqoZQbnHKWAdc3C3oBmWrTp/NpUS9Swz/HHgRu26HnuLBXlG1ZD
uudcdghQU1CQ03GdkKVAFtDVRpGvK+Ir85Bd/Wh56ql5QjNbGSGPWAaU9vxVZ5Fk fxoBRD1PFxpLyHLxiNEWTofC/jo0UuOEIGsVyMs87WiYchbzwbk3XpF8ItZ1PUjf
FT4XtEHpZalO1vuR1VuXu0Go6Looko/+cDb8UlV+Qbxt+WxzErvPgrkt9+UJDs7o GV0j5P5OuIocRFVVfdPLsifKBsyUmZR0dORHif2+9XKbBJPWptF4PgmBqWFCKLev
R1v5tIFLE1T3vsfucrlRn4Huj3VFh5LcuWuYtnONJ1hIqrwaJm1leHm7OuJRH/qb pMWBNbQCqAjFzZTXw6sOabACAuaspVigqSC7qJ3bOkIUsnh8YzFlyv44YHCYpDxW
o4b4LIBrqdLetYKvcsE+tIOA/lkkXwlD17+CqW0lJtfLhlhgxkQBV06kMufO4Bf+ vHcnMrDkQ9Hrs3UpIiewyFKyzv4gLpsEm+I1jcxLLUh1lvLH7ZBVQf4U+wjcBLij
BstnY20eqXxAf57L7v/EZvmVpqgkraWdrdNYcE5HfFXmODsvcdo2i49ZZ8Q1jj67 CsMmXi83qXsiIuWfTjn3F+UKpmDy3c4C/Vst4shdu3F7xOxljU3p5RzEi3qQPYMc
FBiKR4wTE5goARvK/iF4ZHCo4hyOist2eO9R8ZYYkYZiTagkh9DDXodAq6tehAcp UrAHnnwoaaRAz3k7zl9p6u0RbIZavYkZAyoMGne1ynaphIb2AJFHBUsldRAUGR26
BkBAKDJV5WX84A+2hEqN6cMYYK8Nu5q3mH0WdQUPK4dhxzOHchRPIIL294iIdru6 2IKDLfeoQPOERmifKAJ2QSHgLribQKWDH4wL6fwCKJNFnedpSeh35I79NyE+icMh
J8q8hxrw0fgupOGS7Xwc/XBkIMG2xbCYxVxJhjKPYg/RcqQIPmt2LB/t2DdNVErj 8NvB/H52KLkc0P+J8lBPIJ3fJVuSlgeVqa8EgZg/Kucf0WH3YdBaJ+USaiYkWiJh
MZwEPki6N1FqBKWzsK4tg8IHMAnTeWJVE3eB o93HAye1hrAzzTR+9qghzOPrSHMUwJXY7af7
-----END CERTIFICATE----- -----END CERTIFICATE-----