python openssl x509 CA
M.-A. Lemburg
mal at egenix.com
Fri Oct 31 06:34:18 EDT 2008
On 2008-10-31 11:10, Marcin Jurczuk wrote:
> Hello,
> I'm fighting with Certificate Authority functionality in Python.
> I'm stuck on the following problem: how to sign a CSR using the CA key and write
> the resulting certificate.
>
> You can do it using the following openssl cmd:
> openssl ca -cert CA/cert.pem -keyfile CA/private/cakey.pem -policy policy_anything -out user_cert.pem -infiles userreq.pem
>
> My try was:
> import OpenSSL.crypto as pki
> #load CA key:
> ca_key=pki.load_privatekey(pki.FILETYPE_PEM,open('CA/private/cakey.pem').read(),'haselko')
> #load user's csr:
> csr=pki.load_certificate_request(pki.FILETYPE_PEM,open('userreq.pem').read())
> # sign csr
> csr.sign(ca_key,'sha1')
> I don't get any errors, however I don't see any way to write or get the
> result from such an operation.
> csr exports the following methods:
> csr.add_extensions csr.get_pubkey csr.get_subject
> csr.set_pubkey csr.sign csr.verify
You need to use crypto.dump_certificate() to dump and then
write the certificate back to disk.
BTW: There's a good example in the pyOpenSSL examples dir
for these things:
http://svn.dave.cridland.net/svn/projects/pyopenssl/dwd/examples/certgen.py
http://svn.dave.cridland.net/svn/projects/pyopenssl/dwd/examples/mk_simple_certs.py
> I want to create pure python implementation without use of openssl
> wrapped with python code.
Good luck with that :-)
--
Marc-Andre Lemburg
eGenix.com
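An added example (not part of the original messages and not the pyOpenSSL example scripts linked above): sign() on the request only self-signs the CSR, so issuing a certificate means building a new X509 from the request's subject and public key, signing that object with the CA key, and serialising it with dump_certificate(). The CA and the CSR are constructed in memory in place of CA/cert.pem, cakey.pem and userreq.pem, and new_key, make_test_ca, make_test_csr and sign_csr are hypothetical helper names. X509Req and X509Extension are deprecated in recent pyOpenSSL releases.

```python
from OpenSSL import crypto

def new_key():
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    return key

def make_test_ca(cn="Constructed Test CA"):
    """Constructed self-signed CA standing in for CA/cert.pem and cakey.pem."""
    key = new_key()
    ca = crypto.X509()
    ca.set_version(2)  # value 2 means X.509 v3
    ca.set_serial_number(1)
    ca.get_subject().CN = cn
    ca.set_issuer(ca.get_subject())
    ca.set_pubkey(key)
    ca.gmtime_adj_notBefore(0)
    ca.gmtime_adj_notAfter(3650 * 86400)
    ca.add_extensions([crypto.X509Extension(b"basicConstraints", True, b"CA:TRUE")])
    ca.sign(key, "sha256")
    return ca, key

def make_test_csr(cn="user.example"):
    """Constructed request standing in for userreq.pem; returns PEM bytes."""
    key = new_key()
    req = crypto.X509Req()
    req.get_subject().CN = cn
    req.set_pubkey(key)
    req.sign(key, "sha256")  # self-signature: proves possession of the key only
    return crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)

def sign_csr(csr_pem, ca_cert, ca_key, serial, days=365):
    """Issue a certificate for the CSR, signed by the CA; returns PEM bytes."""
    csr = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_pem)
    csr.verify(csr.get_pubkey())  # raises crypto.Error on a bad self-signature
    cert = crypto.X509()
    cert.set_version(2)
    cert.set_serial_number(serial)  # must be unique per certificate for this CA
    cert.set_subject(csr.get_subject())
    cert.set_pubkey(csr.get_pubkey())
    cert.set_issuer(ca_cert.get_subject())
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(days * 86400)
    # The CA chooses the extensions; nothing is copied from the request.
    cert.add_extensions([crypto.X509Extension(b"basicConstraints", True, b"CA:FALSE")])
    cert.sign(ca_key, "sha256")
    return crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
```

The returned bytes are what gets written to user_cert.pem.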