def create_x509_cert(cert_dir, x509_req):
# Load the CA cert
ca_cert = crypto.load_certificate(crypto.FILETYPE_PEM,
file_get_contents(os.path.join(cert_dir, "ca_cert.pem")))
# Load private key
key = crypto.load_privatekey(crypto.FILETYPE_PEM,
file_get_contents(os.path.join(cert_dir, "ca_key.pem")))
# Generate serial number
serial = random.randint(1, 2048)
# Valid for one year starting from now
not_before = 0
not_after = 60 * 60 * 24 * 365
newcert = x509.create_cert(x509_req,
ca_cert, key, serial, not_before, not_after)
return crypto.dump_certificate(crypto.FILETYPE_PEM, newcert)
def create_x509_cert(cert_dir, x509_req):
# Load the CA cert
ca_cert = crypto.load_certificate(
crypto.FILETYPE_PEM,
file_get_contents(os.path.join(cert_dir, "ca_cert.pem")))
# Load private key
key = crypto.load_privatekey(
crypto.FILETYPE_PEM,
file_get_contents(os.path.join(cert_dir, "ca_key.pem")))
# Generate serial number
serial = random.randint(1, 2048)
# Valid for one year starting from now
not_before = 0
not_after = 60 * 60 * 24 * 365
newcert = x509.create_cert(x509_req, ca_cert, key, serial, not_before,
not_after)
return crypto.dump_certificate(crypto.FILETYPE_PEM, newcert)
cakey = x509.gen_rsa_keypair()
# save ca_key.pem to filesystem
open(os.path.join(CERT_DIR, 'ca_key.pem'), 'w').write(x509.key_as_pem(cakey))
# create cert request
req = x509.create_x509_req(cakey, CN='CA', emailAddress='*****@*****.**',
O='ConPaaS')
five_years = 60 * 60 * 24 * 365 * 5
# create ca certificate, valid for five years
cacert = x509.create_cert(
req=req,
issuer_cert=req,
issuer_key=cakey,
serial=random.randint(1, sys.maxint),
not_before=0,
not_after=five_years)
# save ca_cert.pem to filesystem
open(os.path.join(CERT_DIR, 'ca_cert.pem'), 'w').write(
x509.cert_as_pem(cacert))
# create director key
dkey = x509.gen_rsa_keypair()
# save key.pem to filesystem
open(os.path.join(CERT_DIR, 'key.pem'), 'w').write(x509.key_as_pem(dkey))
# create director cert request
# save ca_key.pem to filesystem
open(os.path.join(CERT_DIR, 'ca_key.pem'), 'w').write(x509.key_as_pem(cakey))
# create cert request
req = x509.create_x509_req(cakey,
CN='CA',
emailAddress='*****@*****.**',
O='ConPaaS')
five_years = 60 * 60 * 24 * 365 * 5
# create ca certificate, valid for five years
cacert = x509.create_cert(req=req,
issuer_cert=req,
issuer_key=cakey,
serial=random.randint(1, sys.maxint),
not_before=0,
not_after=five_years)
# save ca_cert.pem to filesystem
open(os.path.join(CERT_DIR, 'ca_cert.pem'),
'w').write(x509.cert_as_pem(cacert))
# create director key
dkey = x509.gen_rsa_keypair()
# save key.pem to filesystem
open(os.path.join(CERT_DIR, 'key.pem'), 'w').write(x509.key_as_pem(dkey))
# create director cert request
req = x509.create_x509_req(dkey,
