def create_payload(cert: crypto.X509, filename: str, pkcs12: bool, ca_cert: crypto.X509 = None):
    """Generate fresh key material for *cert*, sign it, and write it to disk.

    A new RSA key is generated and installed as the public key of ``cert``.
    When ``ca_cert`` is supplied, a second fresh key is generated for it,
    ``ca_cert`` is self-signed with that key, and ``cert`` is signed with the
    CA key; otherwise ``cert`` is signed with its own key (self-signed).
    Both certificate objects are modified in place.

    Args:
        cert: Certificate to receive a new public key and signature.
        filename: Output path prefix; a suffix is appended per artefact.
        pkcs12: If true, write one ``<filename>.pfx`` bundle; otherwise write
            ``<filename>.crt`` and ``<filename>.key`` (plus
            ``<filename>_ca.crt`` when a CA certificate is given) as PEM.
        ca_cert: Optional issuing certificate.

    Returns:
        None. Results are the files written and the mutated certificates.

    NOTE(review): ``crypto`` looks like ``OpenSSL.crypto`` (pyOpenSSL) --
    confirm against the file's imports. ``crypto.PKCS12`` has been deprecated
    and dropped in newer pyOpenSSL releases, so the ``pkcs12`` branch depends
    on the installed version.
    """
    has_ca = bool(ca_cert)

    # NOTE(review): 1024-bit RSA with SHA-1 signatures is below current
    # minimums; many TLS stacks reject such certificates at their default
    # security level. Treat the output as throwaway test material only.
    ca_key = None
    if has_ca:
        ca_key = crypto.PKey()
        ca_key.generate_key(crypto.TYPE_RSA, 1024)
        ca_cert.set_pubkey(ca_key)
        ca_cert.sign(ca_key, 'sha1')

    leaf_key = crypto.PKey()
    leaf_key.generate_key(crypto.TYPE_RSA, 1024)
    cert.set_pubkey(leaf_key)

    # Issued by the CA key when one exists, self-signed otherwise.
    signing_key = ca_key if has_ca else leaf_key
    cert.sign(signing_key, 'sha1')

    if pkcs12:
        bundle = crypto.PKCS12()
        if has_ca:
            bundle.set_ca_certificates([ca_cert])
        bundle.set_certificate(cert)
        bundle.set_privatekey(leaf_key)
        pfx_path = filename + '.pfx'
        with open(pfx_path, 'wb') as out:
            print('Writing PKCS12... No export password')
            # export() is called without a passphrase, so the private key in
            # the bundle is not protected by an export password.
            out.write(bundle.export())
        return

    crt_path = filename + '.crt'
    with open(crt_path, 'wb') as out:
        print('Writing certificate...')
        out.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))

    key_path = filename + '.key'
    with open(key_path, 'wb') as out:
        print('Writing key... Password is ""')
        # The private key is dumped as PEM with no cipher/passphrase, and the
        # file is created with the process's default permissions (umask).
        out.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, leaf_key))

    if has_ca:
        # Only the CA certificate is persisted; ca_key is never written out.
        print('Writing ca_certififcate...')
        ca_path = filename + '_ca.crt'
        with open(ca_path, 'wb') as out:
            out.write(crypto.dump_certificate(crypto.FILETYPE_PEM, ca_cert))