Menu
I followed this url to create a X509 certificate. And the code is:
from OpenSSL import crypto, SSL from socket import gethostname from pprint import pprint from time import gmtime, mktime CERT_FILE = "selfsigned.crt" KEY_FILE = "private.key" def create_self_signed_cert(): # create a key pair k = crypto.PKey() k.generate_key(crypto.TYPE_<wbr>RSA, 1024) # create a self-signed cert cert = crypto.X509() cert.get_subject().C = "UK" cert.get_subject().ST = "London" cert.get_subject().L = "London" cert.get_subject().O = "Dummy Company Ltd" cert.get_subject().OU = "Dummy Company Ltd" cert.get_subject().CN = gethostname() cert.set_serial_number(1000) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(10*<wbr>365*24*60*60) cert.set_issuer(cert.get_<wbr>subject()) cert.set_pubkey(k) cert.sign(k, 'sha1') open(CERT_FILE, "wt").write( crypto.dump_certificate(<wbr>crypto.FILETYPE_PEM, cert)) open(KEY_FILE, "wt").write( crypto.dump_privatekey(crypto.<wbr>FILETYPE_PEM, k)) create_self_signed_cert() But there is something wrong with the code when I run it. Could someone tell me what the meaning of <wbr>? There is a SyntaxError in cert.gmtime_adj_notAfter(10*<wbr>365*24*60*60). Thx.
912
An X. 509 certificate contains an identity and a public key. It binds an identity -- such as an individual or hostname -- to a public key with a digital signature. The signature is either made by a trusted certificate authority (CA) or is self-signed.
Open cmd prompt, change directory to desktop & type command- openssl. It is a process of creating a simple x509 certificate that will be used for digital signatures. Press enter and fill in all the required information like the password for creating keys & a few personal information.
A version which works with python3
from OpenSSL import crypto, SSL def cert_gen( emailAddress="emailAddress", commonName="commonName", countryName="NT", localityName="localityName", stateOrProvinceName="stateOrProvinceName", organizationName="organizationName", organizationUnitName="organizationUnitName", serialNumber=0, validityStartInSeconds=0, validityEndInSeconds=10*365*24*60*60, KEY_FILE = "private.key", CERT_FILE="selfsigned.crt"): #can look at generated file using openssl: #openssl x509 -inform pem -in selfsigned.crt -noout -text # create a key pair k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 4096) # create a self-signed cert cert = crypto.X509() cert.get_subject().C = countryName cert.get_subject().ST = stateOrProvinceName cert.get_subject().L = localityName cert.get_subject().O = organizationName cert.get_subject().OU = organizationUnitName cert.get_subject().CN = commonName cert.get_subject().emailAddress = emailAddress cert.set_serial_number(serialNumber) cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(validityEndInSeconds) cert.set_issuer(cert.get_subject()) cert.set_pubkey(k) cert.sign(k, 'sha512') with open(CERT_FILE, "wt") as f: f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode("utf-8")) with open(KEY_FILE, "wt") as f: f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode("utf-8")) cert_gen() If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
