Skip to content

cottonbeckfield/python-csr

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits

.github/workflows

.github/workflows

 
 

samples

samples

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

csrgen.py

csrgen.py

 
 

csrgen.pyc

csrgen.pyc

 
 

csrgen_test.py

csrgen_test.py

 
 

requirements.txt

requirements.txt

 
 

setup.py

setup.py

 
 

Repository files navigation

python-csr

Purpose

Generate a key, self-signed certificate, and certificate request.

Information

This script is for Python 2.7. Due to how the input() function has changed between python2 and python3, this script is not backwards compatible at this time.

Installation / Dependencies

The following modules are required:

  • OpenSSL (pyopenssl)
  • Argparse (argparse)
  • YAML (pyyaml)

I've included a setup.py that will install these dependencies if you have the setuptools python package and run:

python setup.py install

Usage

./csrgen -n [fqdn]

Note: you could always use '-h' in order to get some informations ;)

user@host> ./csrgen.py -h
usage: csrgen.py [-h] [-v] [-d] [-l LOG] [-n NAME] [-s [SAN [SAN ...]]]
                 [-k KEYSIZE] [-u UNATTENDED] [-f FILE] [-a] [-c]

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Output more infos
  -d, --debug           Enable debug mode
  -l LOG, --log LOG     Define log file (default: /var/log/certGen.log)
  -n NAME, --name NAME  Provide the FQDN
  -s [SAN [SAN ...]], --san [SAN [SAN ...]]
                        SANS, define alternative names
  -k KEYSIZE, --keysize KEYSIZE
                        Provide the key size
  -u UNATTENDED, --unattended UNATTENDED
                        Load CSR predefined options
  -f FILE, --file FILE  Load hosts file (CN and optional Alternate Names) list
  -a, --authority       Generate Authority certificate (Default is server)
  -c, --client          Generate client certificate (Default is server)

Basic usage would be

./csrgen -n test.test.com

When more than one hostname is provided, a SAN (Subject Alternate Name) certificate and request are generated. This can be acheived by adding a -s.

csrgen -s 

./csrgen -n test.test.com -s mushu.test.com pushu.test.com

You can pass a yaml file as arguments to pre-fill your CSR values (C, ST, L, O, OU). Basically any attribute defined in the YAML file will be set in the certificate. On exception: if you force the hostname with -n parameter, it will override the 'Hostname' set in YAML file.

./csrgen -f sample.yaml -u csr.yaml

Debug options

A debug option (-d) and a verbose flag (-v) are available. If in any case you want to check the content of generated files, here is a quick cheat-sheet...

To read a CSR

openssl req -in test.test.com.csr -noout -text

To read a Certificate (CER)

openssl x509 -in test.test.com.cer -noout -text

To read a Certificate (PEM)

openssl x509 -inform pem -in test.test.com.cer -noout -text

TODO

  • Validate python3 compatibility
  • Finish SubClass Authority to generate a CA certificate (-x)
  • Create csrsign.py to sign a csr based on CA certificate and newly generated .csr
  • Implement Unit Tests

About

Generate a CSR/Key via Python

Topics

python certificate openssl csr

Resources

Readme
Activity

Stars

41 stars

Watchers

4 watching

Forks

26 forks
Report repository

Releases 1

CSR Python 2.7 Latest
Feb 1, 2021

Packages

No packages published

Contributors 5

Languages