def create_https_certificates(ssl_cert, ssl_key): """ Create a pair of self-signed HTTPS certificares and store in them in 'ssl_cert' and 'ssl_key'. Method assumes pyOpenSSL is installed. This code is stolen from SickBeard (http://github.com/midgetspy/Sick-Beard). """ from plexpy import logger from OpenSSL import crypto from certgen import createKeyPair, createCertRequest, createCertificate, \ TYPE_RSA, serial # Create the CA Certificate cakey = createKeyPair(TYPE_RSA, 2048) careq = createCertRequest(cakey, CN="Certificate Authority") cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years pkey = createKeyPair(TYPE_RSA, 2048) req = createCertRequest(pkey, CN="PlexPy") cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years # Save the key and certificate to disk try: with open(ssl_key, "w") as fp: fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) with open(ssl_cert, "w") as fp: fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) except IOError as e: logger.error("Error creating SSL key and certificate: %s", e) return False return True
def create_https_certificates(ssl_cert, ssl_key): """ Create self-signed HTTPS certificares and store in paths 'ssl_cert' and 'ssl_key' """ try: from OpenSSL import crypto from certgen import createKeyPair, createCertRequest, createCertificate, TYPE_RSA, serial except ImportError: log.error("pyopenssl module missing, please install for https access\n try\n $ easy_install PyOpenSSL") return False # Create the CA Certificate cakey = createKeyPair(TYPE_RSA, 1024) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years cname = 'XDM' pkey = createKeyPair(TYPE_RSA, 1024) req = createCertRequest(pkey, CN=cname) cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years # Save the key and certificate to disk try: open(ssl_key, 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) open(ssl_cert, 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) except: log("Error creating SSL key and certificate") return False return True
def create_https_certificates(ssl_cert, ssl_key): """ Create a pair of self-signed HTTPS certificares and store in them in 'ssl_cert' and 'ssl_key'. Method assumes pyOpenSSL is installed. This code is stolen from SickBeard (http://github.com/midgetspy/Sick-Beard). """ from plexcs import logger from OpenSSL import crypto from certgen import createKeyPair, createCertRequest, createCertificate, \ TYPE_RSA, serial # Create the CA Certificate cakey = createKeyPair(TYPE_RSA, 2048) careq = createCertRequest(cakey, CN="Certificate Authority") cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years pkey = createKeyPair(TYPE_RSA, 2048) req = createCertRequest(pkey, CN="Plex:CS") cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years # Save the key and certificate to disk try: with open(ssl_key, "w") as fp: fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) with open(ssl_cert, "w") as fp: fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) except IOError as e: logger.error("Error creating SSL key and certificate: %s", e) return False return True
def make_certs(cfg): cname = 'Microsoft CNTK Demo' cakey = createKeyPair(crypto.TYPE_RSA, 2048) careq = createCertRequest(cakey, CN=cname) # CA certificate is valid for five years. cacert = createCertificate(careq, (careq, cakey), 0, (0, 60 * 60 * 24 * 365 * 5)) # print('Creating Certificate Authority private key in "%s"' % cfg.SSL_KEY) # with open(cfg.SSL_KEY, 'w') as capkey: # capkey.write( # crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey).decode('utf-8') # ) # print('Creating Certificate Authority certificate in "%s"' % cfg.SSL_CERT) # with open(cfg.SSL_CERT, 'w') as ca: # ca.write( # crypto.dump_certificate(crypto.FILETYPE_PEM, cacert).decode('utf-8') # ) pkey = createKeyPair(crypto.TYPE_RSA, 2048) req = createCertRequest(pkey, CN=cname) # Certificates are valid for five years. cert = createCertificate(req, (cacert, cakey), 1, (0, 60 * 60 * 24 * 365 * 5)) with open(cfg.SSL_KEY, 'w') as leafpkey: leafpkey.write( crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey).decode('utf-8')) print('[SUCCESS] Created Certificate private key in "%s"' % cfg.SSL_KEY) with open(cfg.SSL_CERT, 'w') as leafcert: leafcert.write( crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8')) print('[SUCCESS] Created Certificate certificate in "%s"' % cfg.SSL_CERT)
def generateIn(directory): cakey = createKeyPair(TYPE_RSA, 1024) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), 0, (0, 60*60*24*365*5)) # five years #open(join(directory, 'CA.pkey'), 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey)) #open(join(directory, 'CA.cert'), 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert)) CN = raw_input("CN: ").strip() O = raw_input("O: ").strip() pkey = createKeyPair(TYPE_RSA, 1024) req = createCertRequest(pkey, CN=CN, O=O) cert = createCertificate(req, (cacert, cakey), 1, (0, 60*60*24*365*5)) # five years open(join(directory, 'server.pkey'), 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) open(join(directory, 'server.cert'), 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
def gen_ca(params={}): try: # read from existing CA files if 'gen_new' in params and params['gen_new']: raise ValueError # skip reading from file with open("CA.pkey", 'r') as CA_key: cakey = crypto.load_privatekey(crypto.FILETYPE_PEM, CA_key.read()) with open("CA.cert", 'r') as CA_cert: cacert = crypto.load_certificate(crypto.FILETYPE_PEM, CA_cert.read()) return cacert, cakey except: if 'SN' not in params: params['SN'] = 0 cakey = createKeyPair() not_before_offset, not_after_offset = get_time_offset(params) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), params['SN'], (not_before_offset, not_after_offset)) if 'gen_new' not in params: if write_ca_to_disk(cacert, False) and write_ca_to_disk( cakey, True): return cacert, cakey else: print("Failed to write CA files to disk") import sys sys.exit(1) else: return cacert, cakey
def generateIn(directory): cakey = createKeyPair(TYPE_RSA, 1024) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), 0, (0, 60 * 60 * 24 * 365 * 5)) # five years #open(join(directory, 'CA.pkey'), 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey)) #open(join(directory, 'CA.cert'), 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert)) CN = raw_input("CN: ").strip() O = raw_input("O: ").strip() pkey = createKeyPair(TYPE_RSA, 1024) req = createCertRequest(pkey, CN=CN, O=O) cert = createCertificate(req, (cacert, cakey), 1, (0, 60 * 60 * 24 * 365 * 5)) # five years open(join(directory, 'server.pkey'), 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) open(join(directory, 'server.cert'), 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
def generate_certs(**kwargs): domains = kwargs.get('domains') d = {} ca_keypair = generate_keypair() d['ca_key'] = ca_keypair cakey = ca_keypair['key'] careq = certgen.createCertRequest(cakey, CN='Certificate Authority') cacert = certgen.createCertificate(careq, careq, cakey, 0, 0, 60*60*24*365*5) d['ca_cert'] = OpenSSL.crypto.dump_certificate(PEM, cacert) if isinstance(d['ca_cert'], bytes): delim = b'\n' else: delim = '\n' for domain in domains: keypair = generate_keypair() req = certgen.createCertRequest(keypair['key'], CN=domain) cert = certgen.createCertificate(req, cacert, cakey, 1, 0, 60*60*24*365*5) d[domain] = { 'keypair':keypair, 'pkey':OpenSSL.crypto.dump_privatekey(PEM, keypair['key']), 'cert':OpenSSL.crypto.dump_certificate(PEM, cert), } d[domain]['fullchain'] = delim.join([d[domain]['cert'], d['ca_cert']]) return d
def create_https_certificates(ssl_cert, ssl_key): """ Create self-signed HTTPS certificares and store in paths 'ssl_cert' and 'ssl_key' """ try: from OpenSSL import crypto from certgen import createKeyPair, createCertRequest, createCertificate, TYPE_RSA, serial except ImportError: log.error( "pyopenssl module missing, please install for https access\n try\n $ easy_install PyOpenSSL" ) return False # Create the CA Certificate cakey = createKeyPair(TYPE_RSA, 1024) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years cname = 'XDM' pkey = createKeyPair(TYPE_RSA, 1024) req = createCertRequest(pkey, CN=cname) cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years # Save the key and certificate to disk try: open(ssl_key, 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) open(ssl_cert, 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) except: log("Error creating SSL key and certificate") return False return True
def gen_cert(target_key, signing_cert, signing_key, params): # Check Params if 'CN' not in params: print("CN is a required parameter") import sys sys.exit(1) not_before_offset, not_after_offset = get_time_offset(params) if 'extensions' not in params: params['extensions'] = [] # genrate CSR request = createCertRequest(target_key, CN=params['CN'], extensions=params['extensions']) # kindly fulfill the request cert = createCertificate(request, (signing_cert, signing_key), params['SN'], (not_before_offset, not_after_offset)) return cert
def create_https_certificates(ssl_cert, ssl_key): ''' Create self-signed HTTPS certificares and store in paths 'ssl_cert' and 'ssl_key' ''' try: from OpenSSL import crypto from certgen import createKeyPair, createCertRequest, createCertificate, TYPE_RSA, serial except Exception, e: logger.error(e) logger.error('You need pyopenssl and OpenSSL to make a cert') return False # Create the CA Certificate cakey = createKeyPair(TYPE_RSA, 2048) careq = createCertRequest(cakey, CN='Certificate Authority') cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years cname = 'Htpc-Manager' pkey = createKeyPair(TYPE_RSA, 2048) req = createCertRequest(pkey, CN=cname) cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years # Save the key and certificate to disk try: open(ssl_key, 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) open(ssl_cert, 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
""" Create certificates and private keys for the 'simple' example. """ from __future__ import print_function from OpenSSL import crypto from certgen import ( createKeyPair, createCertRequest, createCertificate, ) cakey = createKeyPair(crypto.TYPE_RSA, 2048) careq = createCertRequest(cakey, CN='Certificate Authority') # CA certificate is valid for five years. cacert = createCertificate(careq, (careq, cakey), 0, (0, 60*60*24*365*5)) print('Creating Certificate Authority private key in "simple/CA.pkey"') with open('simple/CA.pkey', 'w') as capkey: capkey.write( crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey).decode('utf-8') ) print('Creating Certificate Authority certificate in "simple/CA.cert"') with open('simple/CA.cert', 'w') as ca: ca.write( crypto.dump_certificate(crypto.FILETYPE_PEM, cacert).decode('utf-8') ) for (fname, cname) in [('client', 'Simple Client'),
with open(fname + '.cert', 'w') as f: f.write( crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8')) return if __name__ == "__main__": AA_keysize = 2048 cert_authority = 'Adhoc Authority' # creates the keypair of size 1024 AA_key = createKeyPair(TYPE_RSA, AA_keysize) # creates the cert request with the key and name AA_req = createCertRequest(AA_key, CN=cert_authority) # creates the cert for 5 years valid_dur = 60 * 60 * 24 * 365 * 5 # certificate generation # Adhoc Authority signs its own key (self signed) AA_cert = createCertificate(AA_req, (AA_req, AA_key), 0, (0, valid_dur)) write_certkey_pem('AA', AA_key, AA_cert) # now AA issues (or don't) to some parties AA_issue = (AA_cert, AA_key) issue_dur = 60 * 60 * 24 * 365 * 1 parties = [('alice', 'Alice (signed AA)', 2048, AA_issue, 12345), ('bob', 'Bob (signed AA)', 2048, AA_issue, 56789),