def make_certs(cfg): cname = 'Microsoft CNTK Demo' cakey = createKeyPair(crypto.TYPE_RSA, 2048) careq = createCertRequest(cakey, CN=cname) # CA certificate is valid for five years. cacert = createCertificate(careq, (careq, cakey), 0, (0, 60 * 60 * 24 * 365 * 5)) # print('Creating Certificate Authority private key in "%s"' % cfg.SSL_KEY) # with open(cfg.SSL_KEY, 'w') as capkey: # capkey.write( # crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey).decode('utf-8') # ) # print('Creating Certificate Authority certificate in "%s"' % cfg.SSL_CERT) # with open(cfg.SSL_CERT, 'w') as ca: # ca.write( # crypto.dump_certificate(crypto.FILETYPE_PEM, cacert).decode('utf-8') # ) pkey = createKeyPair(crypto.TYPE_RSA, 2048) req = createCertRequest(pkey, CN=cname) # Certificates are valid for five years. cert = createCertificate(req, (cacert, cakey), 1, (0, 60 * 60 * 24 * 365 * 5)) with open(cfg.SSL_KEY, 'w') as leafpkey: leafpkey.write( crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey).decode('utf-8')) print('[SUCCESS] Created Certificate private key in "%s"' % cfg.SSL_KEY) with open(cfg.SSL_CERT, 'w') as leafcert: leafcert.write( crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8')) print('[SUCCESS] Created Certificate certificate in "%s"' % cfg.SSL_CERT)
def create_https_certificates(ssl_cert, ssl_key): """ Create a pair of self-signed HTTPS certificares and store in them in 'ssl_cert' and 'ssl_key'. Method assumes pyOpenSSL is installed. This code is stolen from SickBeard (http://github.com/midgetspy/Sick-Beard). """ from plexpy import logger from OpenSSL import crypto from certgen import createKeyPair, createCertRequest, createCertificate, \ TYPE_RSA, serial # Create the CA Certificate cakey = createKeyPair(TYPE_RSA, 2048) careq = createCertRequest(cakey, CN="Certificate Authority") cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years pkey = createKeyPair(TYPE_RSA, 2048) req = createCertRequest(pkey, CN="PlexPy") cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years # Save the key and certificate to disk try: with open(ssl_key, "w") as fp: fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) with open(ssl_cert, "w") as fp: fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) except IOError as e: logger.error("Error creating SSL key and certificate: %s", e) return False return True
def create_https_certificates(ssl_cert, ssl_key): """ Create a pair of self-signed HTTPS certificares and store in them in 'ssl_cert' and 'ssl_key'. Method assumes pyOpenSSL is installed. This code is stolen from SickBeard (http://github.com/midgetspy/Sick-Beard). """ from plexcs import logger from OpenSSL import crypto from certgen import createKeyPair, createCertRequest, createCertificate, \ TYPE_RSA, serial # Create the CA Certificate cakey = createKeyPair(TYPE_RSA, 2048) careq = createCertRequest(cakey, CN="Certificate Authority") cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years pkey = createKeyPair(TYPE_RSA, 2048) req = createCertRequest(pkey, CN="Plex:CS") cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years # Save the key and certificate to disk try: with open(ssl_key, "w") as fp: fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) with open(ssl_cert, "w") as fp: fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) except IOError as e: logger.error("Error creating SSL key and certificate: %s", e) return False return True
def create_https_certificates(ssl_cert, ssl_key): """ Create self-signed HTTPS certificares and store in paths 'ssl_cert' and 'ssl_key' """ try: from OpenSSL import crypto from certgen import createKeyPair, createCertRequest, createCertificate, TYPE_RSA, serial except ImportError: log.error("pyopenssl module missing, please install for https access\n try\n $ easy_install PyOpenSSL") return False # Create the CA Certificate cakey = createKeyPair(TYPE_RSA, 1024) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years cname = 'XDM' pkey = createKeyPair(TYPE_RSA, 1024) req = createCertRequest(pkey, CN=cname) cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years # Save the key and certificate to disk try: open(ssl_key, 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) open(ssl_cert, 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) except: log("Error creating SSL key and certificate") return False return True
def generateIn(directory): cakey = createKeyPair(TYPE_RSA, 1024) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), 0, (0, 60*60*24*365*5)) # five years #open(join(directory, 'CA.pkey'), 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey)) #open(join(directory, 'CA.cert'), 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert)) CN = raw_input("CN: ").strip() O = raw_input("O: ").strip() pkey = createKeyPair(TYPE_RSA, 1024) req = createCertRequest(pkey, CN=CN, O=O) cert = createCertificate(req, (cacert, cakey), 1, (0, 60*60*24*365*5)) # five years open(join(directory, 'server.pkey'), 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) open(join(directory, 'server.cert'), 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
def gen_ca(params={}): try: # read from existing CA files if 'gen_new' in params and params['gen_new']: raise ValueError # skip reading from file with open("CA.pkey", 'r') as CA_key: cakey = crypto.load_privatekey(crypto.FILETYPE_PEM, CA_key.read()) with open("CA.cert", 'r') as CA_cert: cacert = crypto.load_certificate(crypto.FILETYPE_PEM, CA_cert.read()) return cacert, cakey except: if 'SN' not in params: params['SN'] = 0 cakey = createKeyPair() not_before_offset, not_after_offset = get_time_offset(params) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), params['SN'], (not_before_offset, not_after_offset)) if 'gen_new' not in params: if write_ca_to_disk(cacert, False) and write_ca_to_disk( cakey, True): return cacert, cakey else: print("Failed to write CA files to disk") import sys sys.exit(1) else: return cacert, cakey
def create_https_certificates(ssl_cert, ssl_key): """ Create a self-signed HTTPS certificate and store in it in 'ssl_cert' and 'ssl_key'. Method assumes pyOpenSSL is installed. This code is stolen from SickBeard (http://github.com/midgetspy/Sick-Beard). """ from OpenSSL import crypto from certgen import createKeyPair, createSelfSignedCertificate, TYPE_RSA serial = int(time.time()) domains = [ 'DNS:' + d.strip() for d in plexpy.CONFIG.HTTPS_DOMAIN.split(',') if d ] ips = ['IP:' + d.strip() for d in plexpy.CONFIG.HTTPS_IP.split(',') if d] altNames = ','.join(domains + ips) # Create the self-signed Tautulli certificate logger.debug(u"Generating self-signed SSL certificate.") pkey = createKeyPair(TYPE_RSA, 2048) cert = createSelfSignedCertificate(("Tautulli", pkey), serial, (0, 60 * 60 * 24 * 365 * 10), altNames) # ten years # Save the key and certificate to disk try: with open(ssl_cert, "w") as fp: fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) with open(ssl_key, "w") as fp: fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) except IOError as e: logger.error("Error creating SSL key and certificate: %s", e) return False return True
def create_https_certificates(ssl_cert, ssl_key): """ Create a self-signed HTTPS certificate and store in it in 'ssl_cert' and 'ssl_key'. Method assumes pyOpenSSL is installed. This code is stolen from SickBeard (http://github.com/midgetspy/Sick-Beard). """ from OpenSSL import crypto from certgen import createKeyPair, createSelfSignedCertificate, TYPE_RSA serial = int(time.time()) domains = ['DNS:' + d.strip() for d in plexpy.CONFIG.HTTPS_DOMAIN.split(',') if d] ips = ['IP:' + d.strip() for d in plexpy.CONFIG.HTTPS_IP.split(',') if d] altNames = ','.join(domains + ips) # Create the self-signed PlexPy certificate logger.debug(u"Generating self-signed SSL certificate.") pkey = createKeyPair(TYPE_RSA, 2048) cert = createSelfSignedCertificate(("PlexPy", pkey), serial, (0, 60 * 60 * 24 * 365 * 10), altNames) # ten years # Save the key and certificate to disk try: with open(ssl_cert, "w") as fp: fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) with open(ssl_key, "w") as fp: fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) except IOError as e: logger.error("Error creating SSL key and certificate: %s", e) return False return True
def generateIn(directory): cakey = createKeyPair(TYPE_RSA, 1024) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), 0, (0, 60 * 60 * 24 * 365 * 5)) # five years #open(join(directory, 'CA.pkey'), 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey)) #open(join(directory, 'CA.cert'), 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert)) CN = raw_input("CN: ").strip() O = raw_input("O: ").strip() pkey = createKeyPair(TYPE_RSA, 1024) req = createCertRequest(pkey, CN=CN, O=O) cert = createCertificate(req, (cacert, cakey), 1, (0, 60 * 60 * 24 * 365 * 5)) # five years open(join(directory, 'server.pkey'), 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) open(join(directory, 'server.cert'), 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
def create_https_certificates(ssl_cert, ssl_key): """ Create self-signed HTTPS certificares and store in paths 'ssl_cert' and 'ssl_key' """ try: from OpenSSL import crypto from certgen import createKeyPair, createCertRequest, createCertificate, TYPE_RSA, serial except ImportError: log.error( "pyopenssl module missing, please install for https access\n try\n $ easy_install PyOpenSSL" ) return False # Create the CA Certificate cakey = createKeyPair(TYPE_RSA, 1024) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years cname = 'XDM' pkey = createKeyPair(TYPE_RSA, 1024) req = createCertRequest(pkey, CN=cname) cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years # Save the key and certificate to disk try: open(ssl_key, 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) open(ssl_cert, 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) except: log("Error creating SSL key and certificate") return False return True
def create_https_certificates(ssl_cert, ssl_key): """ Create a self-signed HTTPS certificate and store in it in 'ssl_cert' and 'ssl_key'. Method assumes pyOpenSSL is installed. This code is stolen from SickBeard (http://github.com/midgetspy/Sick-Beard). """ try: from OpenSSL import crypto except ImportError: logger.error( "Unable to generate self-signed certificates: Missing OpenSSL module." ) return False from certgen import createKeyPair, createSelfSignedCertificate, TYPE_RSA issuer = common.PRODUCT serial = timestamp() not_before = 0 not_after = 60 * 60 * 24 * 365 * 10 # ten years domains = [ 'DNS:' + d.strip() for d in plexpy.CONFIG.HTTPS_DOMAIN.split(',') if d ] ips = ['IP:' + d.strip() for d in plexpy.CONFIG.HTTPS_IP.split(',') if d] alt_names = ','.join(domains + ips).encode('utf-8') # Create the self-signed Tautulli certificate logger.debug("Generating self-signed SSL certificate.") pkey = createKeyPair(TYPE_RSA, 2048) cert = createSelfSignedCertificate(issuer, pkey, serial, not_before, not_after, alt_names) # Save the key and certificate to disk try: with open(ssl_cert, "w") as fp: fp.write( crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8')) with open(ssl_key, "w") as fp: fp.write( crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey).decode('utf-8')) except IOError as e: logger.error("Error creating SSL key and certificate: %s", e) return False return True
def gen_leaf_cert(level, signing_cert, signing_key, params={}, accurate=False): global certs if len(certs[level]['leafs']) > 0: sn = int(max(certs[level]['leafs'].keys())) + 1 else: sn = 11 params['CN'] = "Leaf cert signed by intermediate with SN: {}".format( get_serial_number(signing_cert)) params['SN'] = sn leafkey = createKeyPair() leafcert = gen_cert(leafkey, signing_cert, signing_key, params) certs[level]['leafs'][sn] = (leafcert, leafkey, accurate) return leafcert, leafkey
def gen_intermediate(level, cacert, cakey, params={}): global certs if len(certs[level]['intermediates']) > 0: sn = int(max(certs[level]['intermediates'].keys())) + 1 else: sn = 1 params['CN'] = "Intermediate of CA with SN: {}".format( get_serial_number(cacert)) params['SN'] = sn intkey = createKeyPair() intcert = gen_cert(intkey, cacert, cakey, params) certs[level]['intermediates'][sn] = (intcert, intkey) return intcert, intkey
def create_https_certificates(ssl_cert, ssl_key): ''' Create self-signed HTTPS certificares and store in paths 'ssl_cert' and 'ssl_key' ''' try: from OpenSSL import crypto from certgen import createKeyPair, createCertRequest, createCertificate, TYPE_RSA, serial except Exception, e: logger.error(e) logger.error('You need pyopenssl and OpenSSL to make a cert') return False # Create the CA Certificate cakey = createKeyPair(TYPE_RSA, 2048) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years cname = 'Htpc-Manager' pkey = createKeyPair(TYPE_RSA, 2048) req = createCertRequest(pkey, CN=cname) cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years # Save the key and certificate to disk try: open(ssl_key, 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) open(ssl_cert,
with open(fname + '.skey', 'w') as f: f.write( crypto.dump_privatekey(crypto.FILETYPE_PEM, key).decode('utf-8')) with open(fname + '.cert', 'w') as f: f.write( crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8')) return if __name__ == "__main__": AA_keysize = 2048 cert_authority = 'Adhoc Authority' # creates the keypair of size 1024 AA_key = createKeyPair(TYPE_RSA, AA_keysize) # creates the cert request with the key and name AA_req = createCertRequest(AA_key, CN=cert_authority) # creates the cert for 5 years valid_dur = 60 * 60 * 24 * 365 * 5 # certificate generation # Adhoc Authority signs its own key (self signed) AA_cert = createCertificate(AA_req, (AA_req, AA_key), 0, (0, valid_dur)) write_certkey_pem('AA', AA_key, AA_cert) # now AA issues (or don't) to some parties AA_issue = (AA_cert, AA_key)
def create_https_certificates(ssl_cert, ssl_key): ''' Create self-signed HTTPS certificares and store in paths 'ssl_cert' and 'ssl_key' ''' try: from OpenSSL import crypto from certgen import createKeyPair, createCertRequest, createCertificate, TYPE_RSA, serial except Exception, e: logger.error(e) logger.error('You need pyopenssl and OpenSSL to make a cert') return False # Create the CA Certificate cakey = createKeyPair(TYPE_RSA, 2048) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years cname = 'Htpc-Manager' pkey = createKeyPair(TYPE_RSA, 2048) req = createCertRequest(pkey, CN=cname) cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years # Save the key and certificate to disk try: open(ssl_key, 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) open(ssl_cert, 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) except Exception as e: logger.error('Error creating SSL key and certificate %s' % e) return False
""" Create certificates and private keys for the 'simple' example. """ from OpenSSL import crypto from certgen import createKeyPair, createCertRequest, createCertificate, \ TYPE_RSA, TYPE_DSA FIVE_YEARS = 60*60*24*365*5 BIT_LENGTH = 1024 serial_number = 0 # Create a self signed CA certificate cakey = createKeyPair(TYPE_RSA, BIT_LENGTH) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), serial_number, (0, FIVE_YEARS)) serial_number += 1 with open('simple/CA.pkey', 'w') as f: f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey)) with open('simple/CA.cert', 'w') as f: f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert)) # Create the server and client certificate signed by the CA created above for (fname, cname) in [('client', 'Simple Client'), ('server', 'Simple Server')]: pkey = createKeyPair(TYPE_RSA, BIT_LENGTH) req = createCertRequest(pkey, CN=cname) cert = createCertificate(req, (cacert, cakey), serial_number, (0, FIVE_YEARS)) serial_number += 1 with open('simple/%s.pkey' % (fname,), 'w') as f: f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) with open('simple/%s.cert' % (fname,), 'w') as f:
""" Create certificates and private keys for the 'simple' example. """ from __future__ import print_function from OpenSSL import crypto from certgen import ( createKeyPair, createCertRequest, createCertificate, ) cakey = createKeyPair(crypto.TYPE_RSA, 2048) careq = createCertRequest(cakey, CN='Certificate Authority') # CA certificate is valid for five years. cacert = createCertificate(careq, (careq, cakey), 0, (0, 60*60*24*365*5)) print('Creating Certificate Authority private key in "simple/CA.pkey"') with open('simple/CA.pkey', 'w') as capkey: capkey.write( crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey).decode('utf-8') ) print('Creating Certificate Authority certificate in "simple/CA.cert"') with open('simple/CA.cert', 'w') as ca: ca.write( crypto.dump_certificate(crypto.FILETYPE_PEM, cacert).decode('utf-8') ) for (fname, cname) in [('client', 'Simple Client'),