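def create_x509_certificate(ca_cert, ca_privkey, cert_passphrase_callback,
                            ca_passphrase_callback, serial=0, notbefore=None,
                            notafter=None, **name):
    """Create and return a new x509 certificate using a Certificate Authority

    A new RSA key pair is generated for the subject, a certificate request is
    built from it, and that request is handed to create_certificate together
    with the CA certificate and the CA private key.

    @param ca_cert: The Certificate Authority to use to create the new X509
    certificate
    @type ca_cert: M2Crypto.X509.X509 instance

    @param ca_privkey: The Certificate Authority private key, i.e. the private
    key that was used to sign the CA certificate
    @type ca_privkey: M2Crypto.RSA.RSA instance

    @param cert_passphrase_callback: Callable forwarded to create_rsa_keyring
    as passphrase_callback when the subject key pair is generated
    (presumably it supplies the passphrase protecting the new private key;
    confirm against create_rsa_keyring)
    @type cert_passphrase_callback: callable

    @param ca_passphrase_callback: Accepted for interface compatibility; this
    function does not reference it
    @type ca_passphrase_callback: callable

    @param serial: Serial number for the certificate, default is 0. Serial
    numbers must be unique per issuing CA (RFC 5280), so callers issuing more
    than one certificate should always pass an explicit, unique value.
    @type serial: Integer

    @param notbefore: datetime.datetime instance when the certificate starts
    being valid, default is the time of the call
    @type notbefore: datetime.datetime instance

    @param notafter: datetime.datetime instance when the certificate stops
    being valid, default is 20 years after the time of the call
    @type notafter: datetime.datetime instance

    @param: **name - The name of the subject of the request, possible
    arguments are:
        C     - Country name
        ST    - State or province name
        L     - Locality name
        O     - Organization name
        OU    - Organizational unit name
        CN    - Common name
        emailAddress - E-mail address

    @return: (cert, pubkey, privkey); privkey is the subject's freshly
    generated private key and should be stored and handled accordingly
    """
    # The validity defaults are resolved per call. Written as
    # ``notbefore=now()`` in the signature they would be evaluated once, when
    # the module is imported, so every later certificate would silently carry
    # the import time as its validity window.
    if notbefore is None or notafter is None:
        current = now()
        if notbefore is None:
            notbefore = current
        if notafter is None:
            notafter = plus_twentyyears(current)

    pubkey, privkey = create_rsa_keyring(
        passphrase_callback=cert_passphrase_callback)

    priv_evp = as_evp_pkey(privkey)
    pub_evp = as_evp_pkey(pubkey)
    ca_privkey_evp = as_evp_pkey(ca_privkey)

    cert_req = create_cert_request(pub_evp, priv_evp, **name)

    # Issuer is the pair (CA certificate, CA private key).
    cert = create_certificate(
        cert_req,
        (ca_cert, ca_privkey_evp),
        serial,
        (notbefore, notafter)
    )
    return cert, pubkey, privkey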
def create_x509_cert(ca_cert, cacert_privkey, serial):
    """Issue a certificate through pki.create_x509_certificate.

    The passphrase callbacks and the subject fields (O, L, CN) are not
    parameters; they are read from names defined outside this function
    (passphrase_callback, ca_passphrase_callback, my_org, my_location,
    my_certname). The validity window starts at now() and ends at
    plus_twentyyears() of that same instant.

    @param ca_cert: CA certificate passed through as the issuer certificate
    @param cacert_privkey: CA private key passed through for signing
    @param serial: Serial number for the new certificate; the caller is
    responsible for choosing it
    @return: (cert, pub, priv) as returned by pki.create_x509_certificate
    """
    valid_from = now()
    subject = dict(O=my_org, L=my_location, CN=my_certname)
    certificate, public_key, private_key = pki.create_x509_certificate(
        ca_cert,
        cacert_privkey,
        cert_passphrase_callback=passphrase_callback,
        ca_passphrase_callback=ca_passphrase_callback,
        notbefore=valid_from,
        notafter=plus_twentyyears(valid_from),
        serial=serial,
        **subject
    )
    return certificate, public_key, private_key
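def create_certificate_authority(passphrase_callback, serial=0,
                                 notbefore=None, notafter=None,
                                 digest="md5", **name):
    """Function to create a certificate authority.

    A new RSA key pair is generated, a certificate request is built from it,
    and create_certificate is called with that same request and the new
    private key as the issuer, i.e. the resulting CA certificate is signed
    with its own key.

    @param passphrase_callback: a callback that will be called without
    argument and that must return the passphrase you want to use on your CA
    key
    @type passphrase_callback: callable

    @param serial: Serial number for the certificate, default is 0
    @type serial: Integer

    @param notbefore: datetime.datetime instance when the certificate starts
    being valid, default is now (the time of the call)
    @type notbefore: datetime.datetime instance

    @param notafter: datetime.datetime instance when the certificate stops
    being valid, default is 20 years more than now
    @type notafter: datetime.datetime instance

    @param digest: Name of the digest forwarded to create_cert_request. The
    default "md5" is kept only for backward compatibility: MD5 is
    collision-broken and unsuitable for signatures, so callers should pass a
    stronger digest (e.g. "sha256", provided create_cert_request accepts it;
    confirm there).
    @type digest: String

    @param: **name - The name of the subject of the request, possible
    arguments are:
        C     - Country name
        ST    - State or province name
        L     - Locality name
        O     - Organization name
        OU    - Organizational unit name
        CN    - Common name
        emailAddress - E-mail address

    @return: (ca_cert, pubkey, privkey); privkey is the CA private key and
    must be protected accordingly
    """
    # The validity defaults are resolved per call. Written as
    # ``notbefore=now()`` in the signature they would be evaluated once, when
    # the module is imported, and reused for every CA created afterwards.
    if notbefore is None or notafter is None:
        current = now()
        if notbefore is None:
            notbefore = current
        if notafter is None:
            notafter = plus_twentyyears(current)

    # NOTE: assert statements are removed when Python runs with -O, so these
    # checks are a development aid rather than a validation guarantee.
    assert isinstance(notbefore, datetime.datetime)
    assert isinstance(notafter, datetime.datetime)

    pubkey, privkey = create_rsa_keyring(
        passphrase_callback=passphrase_callback)

    ca_priv_evp = as_evp_pkey(privkey)
    ca_pub_evp = as_evp_pkey(pubkey)

    # SECURITY: with the default digest this request is signed using MD5;
    # see the @param digest note above.
    ca_cert_req = create_cert_request(ca_pub_evp, ca_priv_evp, digest, **name)

    # Self-signed: the request itself stands in for the issuer certificate.
    ca_cert = create_certificate(
        ca_cert_req,
        (ca_cert_req, ca_priv_evp),
        serial,
        (notbefore, notafter)
    )
    return ca_cert, pubkey, privkey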