## 参考
1. [Generic cryptographic module](https://www.pyopenssl.org/en/stable/api/crypto.html)
2. [Certificate Attributes](https://docs.oracle.com/cd/E24191_01/common/tutorials/authz_cert_attributes.html)

In [1]:
from OpenSSL import crypto, SSL

In [26]:
def generate_certificate(
    emailAddress="motein@qq.com",
    commonName="EnvisionNano Cert",
    countryName="CN",
    localityName="Lower Xiehe Street 888, Shuangliu District",
    stateOrProvinceName="Sichuan",
    organizationName="EnvisionNano, Inc.",
    organizationUnitName="R&D",
    serialNumber=0,
    validityStartInSeconds=0,
    validityEndInSeconds=9*365*24*60*60,
    KEY_FILE = "private.pem",
    CERT_FILE="certificate.pem",
    passPhrase = b"motein@XA"):
    #can look at generated file using openssl:
    #openssl x509 -inform pem -in certificate.pem -noout -text
    # create a key pair
    k = crypto.PKey()
    k.generate_key(crypto.TYPE_RSA, 4096)
    # create a self-signed cert
    cert = crypto.X509()
    cert.get_subject().C = countryName
    cert.get_subject().ST = stateOrProvinceName
    cert.get_subject().L = localityName
    cert.get_subject().O = organizationName
    cert.get_subject().OU = organizationUnitName
    cert.get_subject().CN = commonName
    cert.get_subject().emailAddress = emailAddress
    cert.set_serial_number(serialNumber)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(validityEndInSeconds)
    cert.set_issuer(cert.get_subject())
    cert.set_pubkey(k)
    cert.sign(k, 'sha512')
    with open(CERT_FILE, "wt") as f:
        f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode("utf-8"))
    with open(KEY_FILE, "wt") as f:
        f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k, passphrase=passPhrase).decode("utf-8"))

In [27]:
generate_certificate()