def ssl_setup(cert_dir, authority_name):
# Set up the external certs with the same authority as the internal
# one so that certificate trust works regardless of chosen endpoint.
certipy = Certipy(store_dir=cert_dir)
alt_names = ["DNS:localhost", "IP:127.0.0.1"]
internal_authority = certipy.create_ca(authority_name, overwrite=True)
external_certs = certipy.create_signed_pair(
"external", authority_name, overwrite=True, alt_names=alt_names
)
return external_certs
def ssl_setup(cert_dir, authority_name):
# Set up the external certs with the same authority as the internal
# one so that certificate trust works regardless of chosen endpoint.
certipy = Certipy(store_dir=cert_dir)
alt_names = ["DNS:localhost", "IP:127.0.0.1"]
internal_authority = certipy.create_ca(authority_name, overwrite=True)
external_certs = certipy.create_signed_pair(
"external", authority_name, overwrite=True, alt_names=alt_names
)
return external_certs
def main():
describe_certipy = """
Certipy: Create simple, self-signed certificate authorities and certs.
"""
parser = argparse.ArgumentParser(description=describe_certipy)
parser.add_argument('name',
help="""Name of the cert to create,
defaults to creating a CA cert. If no signing
--ca-name specified.""")
parser.add_argument('--ca-name',
help="The name of the CA to sign this cert.",
default="")
parser.add_argument(
'--overwrite',
action="store_true",
help="If the cert already exists, bump the serial and overwrite it.")
parser.add_argument('--rm',
action="store_true",
help="Remove the cert specified by name.")
parser.add_argument('--cert-type',
default="rsa",
choices=['rsa', 'dsa'],
help="The type of cert to create.")
parser.add_argument('--bits',
type=int,
default=2048,
help="The number of bits to use.")
parser.add_argument('--valid',
type=int,
default=5,
help="Years the cert is valid for.")
parser.add_argument(
'--alt-names',
default="",
help="Alt names for the certificate (comma delimited).")
parser.add_argument('--store-dir',
default="out",
help="The location for the store and certs.")
args = parser.parse_args()
certipy = Certipy(store_dir=args.store_dir)
cert_type = crypto.TYPE_RSA if args.cert_type is "rsa" else crypto.TYPE_DSA
record = None
if args.rm:
try:
record = certipy.store.remove_files(args.name, delete_dir=True)
print("Deleted:")
for key, val in record.items():
print(key.upper(), val)
except CertificateAuthorityInUseError as e:
print("Unable to delete.", e)
sys.exit(0)
alt_names = None
if args.alt_names:
alt_names = [_.strip() for _ in args.alt_names.split(',')]
if args.ca_name:
ca_record = certipy.store.get_record(args.ca_name)
if ca_record:
try:
record = certipy.create_signed_pair(args.name,
args.ca_name,
cert_type=cert_type,
bits=args.bits,
years=args.valid,
alt_names=alt_names,
overwrite=args.overwrite)
except CertExistsError as e:
print(e)
else:
print("CA {} not found. Must specify an exisiting authority to"
" sign this cert.".format(args.ca_name))
else:
try:
record = certipy.create_ca(args.name,
cert_type=cert_type,
bits=args.bits,
years=args.valid,
alt_names=alt_names,
overwrite=args.overwrite)
except CertExistsError as e:
print(e)
if record:
for key, val in record.items():
print(key.upper(), val)