def test_mkreq(self):
(req, _) = self.mkreq(1024)
req.save_pem('tests/tmp_request.pem')
req2 = X509.load_request('tests/tmp_request.pem')
os.remove('tests/tmp_request.pem')
req.save('tests/tmp_request.pem')
req3 = X509.load_request('tests/tmp_request.pem')
os.remove('tests/tmp_request.pem')
req.save('tests/tmp_request.der', format=X509.FORMAT_DER)
req4 = X509.load_request('tests/tmp_request.der',
format=X509.FORMAT_DER)
os.remove('tests/tmp_request.der')
assert req.as_pem() == req2.as_pem()
assert req.as_text() == req2.as_text()
assert req.as_der() == req2.as_der()
assert req.as_pem() == req3.as_pem()
assert req.as_text() == req3.as_text()
assert req.as_der() == req3.as_der()
assert req.as_pem() == req4.as_pem()
assert req.as_text() == req4.as_text()
assert req.as_der() == req4.as_der()
self.assertEqual(req.get_version(), 0)
req.set_version(1)
self.assertEqual(req.get_version(), 1)
req.set_version(0)
self.assertEqual(req.get_version(), 0)
def test_mkreq(self):
(req, _) = self.mkreq(1024)
req.save_pem('tests/tmp_request.pem')
req2 = X509.load_request('tests/tmp_request.pem')
os.remove('tests/tmp_request.pem')
req.save('tests/tmp_request.pem')
req3 = X509.load_request('tests/tmp_request.pem')
os.remove('tests/tmp_request.pem')
req.save('tests/tmp_request.der', format=X509.FORMAT_DER)
req4 = X509.load_request('tests/tmp_request.der',
format=X509.FORMAT_DER)
os.remove('tests/tmp_request.der')
self.assertEqual(req.as_pem(), req2.as_pem())
self.assertEqual(req.as_text(), req2.as_text())
self.assertEqual(req.as_der(), req2.as_der())
self.assertEqual(req.as_pem(), req3.as_pem())
self.assertEqual(req.as_text(), req3.as_text())
self.assertEqual(req.as_der(), req3.as_der())
self.assertEqual(req.as_pem(), req4.as_pem())
self.assertEqual(req.as_text(), req4.as_text())
self.assertEqual(req.as_der(), req4.as_der())
self.assertEqual(req.get_version(), 0)
req.set_version(1)
self.assertEqual(req.get_version(), 1)
req.set_version(0)
self.assertEqual(req.get_version(), 0)
def _get_signing_request(self, der_blob):
""" Extracts signing request from
MyProxy response.
der_blob -- sequence with PKCS10 encoded CSR string
raise -- MyProxyError if no CSR could be extracted
"""
ind = der_blob.find(MyProxy.ASN1_START)
if ind < 0:
raise MyProxyError("CSR missing",
"Could not extract any CSR from ASN1 sequence")
_len = 256*ord(der_blob[ind+2]) + ord(der_blob[ind+3])
c = der_blob[ind:ind+_len+4] # get CSR
if version.LooseVersion(m2_version) < '0.20':
# little hack to overcome missing method in versions < 0.20
import tempfile
tmp_fd, tmp_name = tempfile.mkstemp(suffix='.csr')
f = os.fdopen(tmp_fd,'wb')
f.write(c)
f.close()
req = X509.load_request(tmp_name, X509.FORMAT_DER)
os.remove(tmp_name)
else:
req = X509.load_request_der_string(c)
return req
def verify(certificate_path, signature_path, request_path):
certificate = None
try:
certificate = X509.load_cert(certificate_path)
except (X509.X509Error, IOError):
print('ERROR verify: Could not load certificate for verification')
exit(1)
signature = None
try:
signature = open(signature_path, 'r').read()
except IOError:
print('ERROR verify: Could not load signature for verification')
exit(1)
request = None
try:
request = X509.load_request(request_path)
except (X509.X509Error, IOError):
print('ERROR verify: Could not load request for verification')
exit(1)
digest = EVP.MessageDigest('sha1')
digest.update(request.as_pem())
public_key = certificate.get_pubkey().get_rsa()
status = public_key.verify_rsassa_pss(digest.digest(), signature)
if status:
print('Verification OK')
else:
print('Verification failed')
exit(1)
def verify(certificate_path, signature_path, request_path):
certificate = None
try:
certificate = X509.load_cert(certificate_path)
except (X509.X509Error, IOError):
print('ERROR verify: Could not load certificate for verification')
exit(1)
signature = None
try:
signature = open(signature_path, 'r').read()
except IOError:
print('ERROR verify: Could not load signature for verification')
exit(1)
request = None
try:
request = X509.load_request(request_path)
except (X509.X509Error, IOError):
print('ERROR verify: Could not load request for verification')
exit(1)
digest = EVP.MessageDigest('sha1')
digest.update(request.as_pem())
public_key = certificate.get_pubkey().get_rsa()
status = public_key.verify_rsassa_pss(digest.digest(), signature)
if status:
print('Verification OK')
else:
print('Verification failed')
exit(1)
def print_request(request_file_path):
request = None
try:
request = X509.load_request(request_file_path)
except X509.X509Error:
print('ERROR print: Could not load request from %s' % request_file_path)
exit(1)
print(request.as_text())
def test_malformed_data(self):
with self.assertRaises(X509.X509Error):
X509.load_cert_string('Hello')
with self.assertRaises(X509.X509Error):
X509.load_cert_der_string('Hello')
with self.assertRaises(X509.X509Error):
X509.new_stack_from_der('Hello')
with self.assertRaises(X509.X509Error):
X509.load_cert('tests/alltests.py')
with self.assertRaises(X509.X509Error):
X509.load_request('tests/alltests.py')
with self.assertRaises(X509.X509Error):
X509.load_request_string('Hello')
with self.assertRaises(X509.X509Error):
X509.load_request_der_string('Hello')
with self.assertRaises(X509.X509Error):
X509.load_crl('tests/alltests.py')
def test_malformed_data(self):
with self.assertRaises(X509.X509Error):
X509.load_cert_string('Hello')
with self.assertRaises(X509.X509Error):
X509.load_cert_der_string('Hello')
with self.assertRaises(X509.X509Error):
X509.new_stack_from_der('Hello')
with self.assertRaises(X509.X509Error):
X509.load_cert('tests/alltests.py')
with self.assertRaises(X509.X509Error):
X509.load_request('tests/alltests.py')
with self.assertRaises(X509.X509Error):
X509.load_request_string('Hello')
with self.assertRaises(X509.X509Error):
X509.load_request_der_string('Hello')
with self.assertRaises(X509.X509Error):
X509.load_crl('tests/alltests.py')
def _verify(self):
"""Verify a certificate request; return True (0) or False (1)"""
try:
req = X509.load_request(self.req_file)
except:
msg = 'Certificate request file %s not found' % self.req_file
raise error.NotFound(msg)
pkey = req.get_pubkey()
return req.verify(pkey)
def _verify(self):
"""Verify a certificate request; return True (0) or False (1)"""
try:
req = X509.load_request(self.req_file)
except:
msg = 'Certificate request file %s not found' % self.req_file
raise error.NotFound(msg)
pkey = req.get_pubkey()
return req.verify(pkey)
def print_request(request_file_path):
request = None
try:
request = X509.load_request(request_file_path)
except X509.X509Error:
print('ERROR print: Could not load request from %s' %
request_file_path)
exit(1)
print(request.as_text())
def make_certificate(request_path, ca_private_key_file, ca_certificate_file, output, is_digital, is_printed):
request = None
try:
request = X509.load_request(request_path)
except X509.X509Error:
print('ERROR certificate: Could not load request from %s' % request_path)
exit(1)
public_key = request.get_pubkey()
subject = request.get_subject()
ca_certificate = None
try:
ca_certificate = X509.load_cert(ca_certificate_file)
except (IOError, BIO.BIOError):
print('ERROR certificate: Could not load ca certificate file. Check permissions and try again')
exit(1)
ca_private_key = None
try:
ca_private_key = RSA.load_key(ca_private_key_file, callback=password)
except (IOError, BIO.BIOError):
print('ERROR certificate: Could not load ca private key file. Check permissions and try again')
exit(1)
certificate = X509.X509()
certificate.set_serial_number(time().as_integer_ratio()[0])
certificate.set_version(2)
certificate.set_subject(subject)
issuer = ca_certificate.get_issuer()
not_before = ASN1.ASN1_UTCTIME()
now = int(time() - timezone)
not_before.set_time(now)
not_after = ASN1.ASN1_UTCTIME()
not_after.set_time(now + 60 * 60 * 24 * 365)
certificate.set_not_before(not_before)
certificate.set_not_after(not_after)
certificate.set_issuer(issuer)
certificate.set_pubkey(public_key)
selinux_extension = request.get_extension_by_name('selinuxContext')
if not selinux_extension:
print('ERROR certificate: No extension selinuxContext in request %s' % request_path)
exit(1)
if not is_digital:
if not verify_user_context(subject.CN, selinux_extension.get_value()):
print('ERROR certificate: Invalid SELinux context in request file %s' % request_path)
exit(1)
certificate.add_ext(selinux_extension)
certificate.add_ext(X509.new_extension('basicConstraints', 'CA:FALSE', 1))
if is_digital:
certificate.add_ext(X509.new_extension('keyUsage', 'Digital Signature', 1))
if not output:
output = path.abspath(path.curdir) + '/%s.crt' % DEFAULT_FIELDS['CN']
certificate.sign(ca_private_key, 'sha1')
certificate.save(output)
if is_printed:
print(certificate.as_text())
print('Certificate was saved to %s' % output)
def test_mkreq(self):
(req, _) = self.mkreq(512)
req.save_pem('tests/tmp_request.pem')
req2 = X509.load_request('tests/tmp_request.pem')
os.remove('tests/tmp_request.pem')
req.save('tests/tmp_request.pem')
req3 = X509.load_request('tests/tmp_request.pem')
os.remove('tests/tmp_request.pem')
req.save('tests/tmp_request.der', format=X509.FORMAT_DER)
req4 = X509.load_request('tests/tmp_request.der',
format=X509.FORMAT_DER)
os.remove('tests/tmp_request.der')
assert req.as_pem() == req2.as_pem()
assert req.as_text() == req2.as_text()
assert req.as_der() == req2.as_der()
assert req.as_pem() == req3.as_pem()
assert req.as_text() == req3.as_text()
assert req.as_der() == req3.as_der()
assert req.as_pem() == req4.as_pem()
assert req.as_text() == req4.as_text()
assert req.as_der() == req4.as_der()
def csr_from_file(csrfilename):
"""Read a certificate request from file.
:type csrfilename: string
:param csrfilename: Name of certificate file to read
:rtype: M2Crypto.X509.Request
:return: Certificate request object
"""
return X509.load_request(csrfilename)
def __init__(self, req_data = None, req_file = None):
self._path = None
self._data = None
self._req = None
self._is_temp = False
if req_file and not os.path.exists(req_file):
raise ActivationException("Certificate request file %s doesn't exists." % req_file)
if req_data and req_file:
raise ActivationException("Cannot use file data and file path at the same time.")
elif req_file and not req_data:
self._path = req_file
self._req = X509.load_request(self._path)
self._data = self._req.as_pem().strip()
elif req_data and not req_file:
self._path = tempfile.mktemp()
write_file(self._path, req_data)
self._req = X509.load_request(self._path)
self._data = self._req.as_pem().strip()
self._is_temp = True
def get(self):
"""Retrieve a certificate request; return results object."""
# TODO Put this in a dir walk loop so it supports multiple reqs
data = []
item = {}
try:
req = X509.load_request(self.req_file)
except IOError:
result = common.process_results(data, 'Request')
return result
item['req_cn'] = req.get_subject().CN
item['req_as_pem'] = req.as_pem()
pkey = req.get_pubkey()
if req.verify(pkey):
item['verify'] = 'success'
data.append(item)
result = common.process_results(data, 'Request')
return result
def get(self):
"""Retrieve a certificate request; return results object."""
# TODO Put this in a dir walk loop so it supports multiple reqs
data = []
item = {}
try:
req = X509.load_request(self.req_file)
except IOError:
result = common.process_results(data, 'Request')
return result
item['req_cn'] = req.get_subject().CN
item['req_as_pem'] = req.as_pem()
pkey = req.get_pubkey()
if req.verify(pkey):
item['verify'] = 'success'
data.append(item)
result = common.process_results(data, 'Request')
return result
def pki_ca_issue_certificate(cert_req_loc, ca_pk_loc, serial_number, cert_loc): """ Issue certificate based on the request and save it as a file. Serial number must not repeat in issued certificates. Parameters: cert_req_loc = location of file with certificate request ca_pk_loc = location of file with CA private key serial_number = serial number for the issued certificate cert_loc = location of file to store issued certificate Return: none """ ca_pk = EVP.load_key(ca_pk_loc) # load EVP for signing certificates cert_req = X509.load_request(cert_req_loc) cert = make_certificate(serial_number) cert.set_subject(cert_req.get_subject()) cert.set_pubkey(cert_req.get_pubkey()) cert.sign(ca_pk, 'sha256') cert.save_pem(cert_loc)
def _get_ca_info(self):
ca_info = {}
try:
ca_cert = X509.load_cert(self.ca_cert_file, format=1)
ca_info['ca_cn'] = ca_cert.get_subject().CN
ca_info['ca_cert_as_pem'] = ca_cert.as_pem()
msg = 'Retrieved CN and pem from CA cert file %s' % self.ca_cert_file
self.log.debug(msg)
except:
msg = 'CA cert file %s does not exist' % self.ca_cert_file
self.log.debug(msg)
try:
ca_req = X509.load_request(self.ca_req_file)
ca_info['ca_cn'] = ca_req.get_subject().CN
msg = 'Retrieved CN from CA req file %s' % self.ca_req_file
self.log.debug(msg)
except:
msg = 'CA req file %s does not exist' % self.ca_req_file
self.log.debug(msg)
return ca_info
def _get_ca_info(self):
ca_info = {}
try:
ca_cert = X509.load_cert(self.ca_cert_file, format=1)
ca_info['ca_cn'] = ca_cert.get_subject().CN
ca_info['ca_cert_as_pem'] = ca_cert.as_pem()
msg = 'Retrieved CN and pem from CA cert file %s' % self.ca_cert_file
self.log.debug(msg)
except:
msg = 'CA cert file %s does not exist' % self.ca_cert_file
self.log.debug(msg)
try:
ca_req = X509.load_request(self.ca_req_file)
ca_info['ca_cn'] = ca_req.get_subject().CN
msg = 'Retrieved CN from CA req file %s' % self.ca_req_file
self.log.debug(msg)
except:
msg = 'CA req file %s does not exist' % self.ca_req_file
self.log.debug(msg)
return ca_info
def sign(private_key_path, certificate_path, request_path):
if not get_extension(certificate_path, 'keyUsage') == 'Digital Signature':
print('ERROR sign: key pair %s and %s could not be used for signing file because policy' %
(private_key_path, certificate_path))
exit(1)
request = None
try:
request = X509.load_request(request_path)
except (IOError, X509.X509Error):
print('ERROR sign: Could not load request from %s' % request_path)
exit(1)
private_key = None
try:
private_key = RSA.load_key(private_key_path, password)
except (IOError, EVP.EVPError):
print('ERROR sign: Could not load private key')
exit(1)
digest = EVP.MessageDigest('sha1')
digest.update(request.as_pem())
signature = private_key.sign_rsassa_pss(digest.digest())
open('%s.signature' % request_path, 'w').write(signature)
print('Signature was saved to %s.signature' % request_path)
def sign(private_key_path, certificate_path, request_path):
if not get_extension(certificate_path, 'keyUsage') == 'Digital Signature':
print('ERROR sign: key pair %s and %s could not be used for signing file because policy' %
(private_key_path, certificate_path))
exit(1)
request = None
try:
request = X509.load_request(request_path)
except (IOError, X509.X509Error):
print('ERROR sign: Could not load request from %s' % request_path)
exit(1)
text = BIO.MemoryBuffer(request.as_pem())
smime = SMIME.SMIME()
try:
smime.load_key(private_key_path, certificate_path)
except (ValueError, IOError, X509.X509Error):
print('ERROR sign: Could not load digital signature')
exit(1)
sign_request = smime.sign(text)
sign_request_file = BIO.openfile(request_path + '.sign', 'w')
smime.write(sign_request_file, sign_request)
sign_request_file.close()
print('Signing request was saved to %s' % request_path + '.sign')
def sign(private_key_path, certificate_path, request_path):
if not get_extension(certificate_path, 'keyUsage') == 'Digital Signature':
print(
'ERROR sign: key pair %s and %s could not be used for signing file because policy'
% (private_key_path, certificate_path))
exit(1)
request = None
try:
request = X509.load_request(request_path)
except (IOError, X509.X509Error):
print('ERROR sign: Could not load request from %s' % request_path)
exit(1)
private_key = None
try:
private_key = RSA.load_key(private_key_path, password)
except (IOError, EVP.EVPError):
print('ERROR sign: Could not load private key')
exit(1)
digest = EVP.MessageDigest('sha1')
digest.update(request.as_pem())
signature = private_key.sign_rsassa_pss(digest.digest())
open('%s.signature' % request_path, 'w').write(signature)
print('Signature was saved to %s.signature' % request_path)
def sign(private_key_path, certificate_path, request_path):
if not get_extension(certificate_path, 'keyUsage') == 'Digital Signature':
print(
'ERROR sign: key pair %s and %s could not be used for signing file because policy'
% (private_key_path, certificate_path))
exit(1)
request = None
try:
request = X509.load_request(request_path)
except (IOError, X509.X509Error):
print('ERROR sign: Could not load request from %s' % request_path)
exit(1)
text = BIO.MemoryBuffer(request.as_pem())
smime = SMIME.SMIME()
try:
smime.load_key(private_key_path, certificate_path)
except (ValueError, IOError, X509.X509Error):
print('ERROR sign: Could not load digital signature')
exit(1)
sign_request = smime.sign(text)
sign_request_file = BIO.openfile(request_path + '.sign', 'w')
smime.write(sign_request_file, sign_request)
sign_request_file.close()
print('Signing request was saved to %s' % request_path + '.sign')
def make_certificate(request_path, ca_private_key_file, ca_certificate_file, output, is_printed):
check_path(request_path)
request = X509.load_request(request_path)
public_key = request.get_pubkey()
if not request.verify(public_key):
print('Error verifying request')
exit(1)
subject = request.get_subject()
ca_certificate = X509.load_cert(ca_certificate_file)
ca_private_key = EVP.load_key(ca_private_key_file, callback=password)
certificate = X509.X509()
certificate.set_serial_number(time().as_integer_ratio()[0])
certificate.set_version(2)
certificate.set_subject(subject)
issuer = ca_certificate.get_issuer()
not_before = ASN1.ASN1_UTCTIME()
not_before.set_datetime(datetime.today())
not_after = ASN1.ASN1_UTCTIME()
not_after.set_datetime(datetime(datetime.today().year + 1, datetime.today().month, datetime.today().day))
certificate.set_not_before(not_before)
certificate.set_not_after(not_after)
certificate.set_issuer(issuer)
certificate.set_pubkey(public_key)
selinux_extension = request.get_extension_by_name("selinuxContext")
if not selinux_extension:
print("No extension selinuxContext in request %s" % request_path)
exit(1)
certificate.add_ext(selinux_extension)
certificate.add_ext(X509.new_extension("basicConstraints", "CA:FALSE", 1))
if not output:
output = path.abspath(path.curdir) + '/%s.crt' % DEFAULT_FIELDS['CN']
certificate.sign(ca_private_key, 'sha1')
certificate.save(output)
if is_printed:
print(certificate.as_text())
print('Certificate was saved to %s' % output)
def print_request(request_file_path):
check_path(request_file_path)
request = X509.load_request(request_file_path)
print(request.as_text())
def _do_req(self):
"""Create a certificate request; return a certificate request object."""
req = X509.load_request(self.req_file, format=1)
return req
def _do_req(self):
"""Create a certificate request; return a certificate request object."""
csr = SpokeCSR(self.cn, self.reqca.ca_name)
csr.create()
req = X509.load_request(self.req_file, format=1)
return req
def sing_req_by_server(id_client_req, cert_path, data_path, auto = False):
server_cert = cert_path + '/root.crt'
server_key = cert_path + '/root.key'
if id_client_req:
try:
int (id_client_req)
except:
print _("The certificate number must be int")
return 1
cl_req = data_path + '/client_certs/%s.csr' %id_client_req
cl_cert = data_path + '/client_certs/%s.crt' %id_client_req
if not os.path.exists(cl_req):
print _("Signature request %s not found") %cl_req
return 1
if os.path.exists(cl_cert):
print _("Certificate %s now exists") %cl_cert
return 1
if auto:
group_name = "all"
else:
group_name = "%s" %raw_input \
(_("Enter the group of the new certificate "\
"(group name or 'all'): "))
config = data_path + '/client_certs/ssl-client.cfg'
if os.path.exists(config):
os.unlink(config)
from M2Crypto import X509, EVP
sr_cert = X509.load_cert(server_cert)
sr_key_inst = EVP.load_key(server_key)
cl_req_inst = X509.load_request(cl_req)
from create_cert import makeCert
cl_cert_inst = makeCert(cl_req_inst, sr_key_inst, sr_cert.get_issuer(),
client_cert = True, group = group_name)
cl_cert_inst.save_pem(cl_cert)
#print 'startdate = ', startdate
#cfg_text = (#"[ ssl_client ]\n"
#"basicConstraints = CA:FALSE\n"
#"nsCertType = client\n"
#"keyUsage = digitalSignature, keyEncipherment\n"
#"extendedKeyUsage = clientAuth\n"
#"nsComment = %s\n" %group)
#print 'config = ', cfg_text
#fc = open(config, 'w')
#fc.write(cfg_text)
#fc.close()
#cmd=("openssl x509 -req -days 11000 -CA %s -CAkey %s -CAcreateserial "
#"-extfile %s -extensions ssl_client -in %s -out %s") \
#%(server_cert, server_key, config, cl_req, cl_cert)
#print cmd
#PIPE = subprocess.PIPE
#p = subprocess.Popen(cmd, shell=True, stdin=PIPE, stdout=PIPE,
#stderr=subprocess.STDOUT, close_fds=True)
#p.wait()
if os.path.exists(cl_cert):
print _("Certificate %s is signed") %cl_cert
else:
print _("Certificate %s has not been signed") %cl_cert
return 0
def _do_req(self):
"""Create a certificate request; return a certificate request object."""
req = X509.load_request(self.req_file, format=1)
return req
def make_certificate(request_path, ca_private_key_file, ca_certificate_file,
output, is_digital, is_printed):
request = None
try:
request = X509.load_request(request_path)
except X509.X509Error:
print('ERROR certificate: Could not load request from %s' %
request_path)
exit(1)
public_key = request.get_pubkey()
subject = request.get_subject()
ca_certificate = None
try:
ca_certificate = X509.load_cert(ca_certificate_file)
except (IOError, BIO.BIOError):
print(
'ERROR certificate: Could not load ca certificate file. Check permissions and try again'
)
exit(1)
ca_private_key = None
try:
ca_private_key = RSA.load_key(ca_private_key_file, callback=password)
except (IOError, BIO.BIOError):
print(
'ERROR certificate: Could not load ca private key file. Check permissions and try again'
)
exit(1)
certificate = X509.X509()
certificate.set_serial_number(time().as_integer_ratio()[0])
certificate.set_version(2)
certificate.set_subject(subject)
issuer = ca_certificate.get_issuer()
not_before = ASN1.ASN1_UTCTIME()
now = int(time() - timezone)
not_before.set_time(now)
not_after = ASN1.ASN1_UTCTIME()
not_after.set_time(now + 60 * 60 * 24 * 365)
certificate.set_not_before(not_before)
certificate.set_not_after(not_after)
certificate.set_issuer(issuer)
certificate.set_pubkey(public_key)
selinux_extension = request.get_extension_by_name('selinuxContext')
if not selinux_extension:
print('ERROR certificate: No extension selinuxContext in request %s' %
request_path)
exit(1)
if not is_digital:
if not verify_user_context(subject.CN, selinux_extension.get_value()):
print(
'ERROR certificate: Invalid SELinux context in request file %s'
% request_path)
exit(1)
certificate.add_ext(selinux_extension)
certificate.add_ext(X509.new_extension('basicConstraints', 'CA:FALSE', 1))
if is_digital:
certificate.add_ext(
X509.new_extension('keyUsage', 'Digital Signature', 1))
if not output:
output = path.abspath(path.curdir) + '/%s.crt' % DEFAULT_FIELDS['CN']
certificate.sign(ca_private_key, 'sha1')
certificate.save(output)
if is_printed:
print(certificate.as_text())
print('Certificate was saved to %s' % output)
def _do_req(self):
"""Create a certificate request; return a certificate request object."""
csr = SpokeCSR(self.cn, self.reqca.ca_name)
csr.create()
req = X509.load_request(self.req_file, format=1)
return req
