Skip to content

jdhellfire/OpenCA

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits

OpenCA-ROOT

OpenCA-ROOT

 
 

OpenCA.egg-info

OpenCA.egg-info

 
 

OpenCA

OpenCA

 
 

__pycache__

__pycache__

 
 

build/lib/OpenCA

build/lib/OpenCA

 
 

dist

dist

 
 

README.md

README.md

 
 

TODO

TODO

 
 

setup.py

setup.py

 
 

Repository files navigation

OpenCA

A tool based on pyOpenSSL to easily create and manage Certification Authorities.

Install - pip3 install OpenCA

from OpenCA import createCA, signReqCA, createCSR
createCA('root','ROOT','root-pass',{'CN':'FQDN_ROOT'})
createCA('int','INTERMEDIATE','inter-pass',{'CN':'FQDN_INETRMEDIATE'})

signReqCA('ROOT','INTERMEDIATE','root-pass','ca')

createCSR('USER','user-pass',{'CN':'FQDN_USER'})
createCSR('SERVER','server-pass',{'CN':'FQDN_SERVER'})

signReqCA('INTERMEDIATE','USER.csr.pem','inter-pass','usr')
signReqCA('INTERMEDIATE','SERVER.csr.pem','inter-pass','svr')

from OpenCA import Utils
Utils.verify_chain('ROOT/certs/ROOT.cert.pem',open('INTERMEDIATE/certs/INTERMEDIATE.cert.pem','rb').read()) # True

Utils.verify_chain('ROOT/certs/ROOT.cert.pem',open('USER.cert.pem','rb').read()) # False
Utils.verify_chain('ROOT/certs/ROOT.cert.pem',open('SERVER.cert.pem','rb').read()) # False
Utils.verify_chain('INTERMEDIATE/certs/INTERMEDIATE.cert.pem',open('USER.cert.pem','rb').read()) # False
Utils.verify_chain('INTERMEDIATE/certs/INTERMEDIATE.cert.pem',open('SERVER.cert.pem','rb').read()) # False

# End Certificates can only be verified using the chain of trust

Utils.verify_chain('INTERMEDIATE/certs/ROOT.INTERMEDIATE.chain.pem',open('USER.cert.pem','rb').read()) # True
Utils.verify_chain('INTERMEDIATE/certs/ROOT.INTERMEDIATE.chain.pem',open('SERVER.cert.pem','rb').read()) # True

create ROOT CA -

from OpenCA import createCA
createCA('root','ROOT_NAME','ROOT_PASS', {'CN':'FQDN.Goes.Here'})

create Intermediate CA -

from OpenCA import createCA, signReqCA

createCA('int', 'INTERMEDIATE_NAME', 'INT_PASS', {'CN':'FQDN.Should.Not.Be.Same.As.Of.Root.CA'})
signReqCA('PATH_TO_ROOT_CA_FOLDER','PATH_TO_INTERMEDIATE_CA_FOLDER','ROOT_PASS', csr_type = 'ca' )

signReqCA saves the certificate of Intermediate CA in ROOT CA's newcerts directory and enrolls it in index.db. return value of signReqCA is the certificate bytes of Intermediate CA's generated certificate.

For user or servers -

Users/server generates a PKey and CSR and hands it over to Intermediate CA.

	from OpenCA import createCSR
	createCSR('User','User_password',{'CN':'USER_FQDN'})

It will create two files in the current directory -

	1.User.private.pem
	2.User.csr.pem

create End user certificate on Intermediate CA-

	from OpenCA import signReqCA
	signReqCA('PATH_TO_INTERMEDIATE_CA_FOLDER','PATH_TO_CSR_OF_USER_OR_SERVER','INT_PASS', csr_type = <'usr' or 'svr'> )

About

A tool based on pyOpenSSL to easily create and manage Certification Authorities.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%