Diffstat (limited to 'createcert.py')
-rw-r--r--createcert.py55
1 files changed, 55 insertions, 0 deletions
diff --git a/createcert.py b/createcert.py
new file mode 100644
index 0000000..43e7384
--- /dev/null
+++ b/createcert.py
@@ -0,0 +1,55 @@
+import datetime
+
+from cryptography import x509
+from cryptography.hazmat.primitives import serialization, hashes
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.x509 import NameOID
+
+key = rsa.generate_private_key(
+ public_exponent=65537,
+ key_size=2048,
+)
+# Write our key to disk for safe keeping
+with open("test.key", "wb") as f:
+ f.write(key.private_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption()
+ ))
+
+subject = issuer = x509.Name([
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"California"),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"My Company"),
+ x509.NameAttribute(NameOID.COMMON_NAME, u"mysite.com"),
+])
+cert = x509.CertificateBuilder().subject_name(
+ subject
+).issuer_name(
+ issuer
+).public_key(
+ key.public_key()
+).serial_number(
+ x509.random_serial_number()
+).not_valid_before(
+ datetime.datetime.utcnow()
+).not_valid_after(
+ # Our certificate will be valid for 10 days
+ datetime.datetime.utcnow() + datetime.timedelta(days=2)
+).add_extension(
+ x509.SubjectAlternativeName([x509.DNSName(u"localhost")]),
+ critical=False,
+ # Sign our certificate with our private key
+).sign(key, hashes.SHA256())
+# Write our certificate out to disk.
+with open("test.crt", "wb") as f:
+ f.write(cert.public_bytes(serialization.Encoding.PEM))
+
+with open("test.pem", "wb") as f:
+ f.write(key.private_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption()
+ ))
+ f.write(cert.public_bytes(serialization.Encoding.PEM))
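Review bot: The private key is serialized with `NoEncryption()` and written through a plain `open("test.key", "wb")`, and again into `test.pem`, so both files take the umask-default mode and are typically readable by other local users. Create them owner-only instead, e.g. `fd = os.open("test.key", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "wb") as f:` (this needs `import os`, and the mode only takes effect when the file is newly created), and do the same for `test.pem`. Separately, the comment inside `not_valid_after` says the certificate is valid for 10 days while the code uses `timedelta(days=2)`, so one of the two should be corrected. The two `datetime.datetime.utcnow()` calls would also be better taken from a single timestamp so the validity window is exact.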