[pyOpenSSL-Users] Seems like no way to reproduce format from the command line
Toby Roseman
toby at graphlab.com
Fri Sep 19 20:49:44 CEST 2014
Hi all -
I am trying to generate a Private Key and a corresponding self-signed
Public Key Certificate. These will be used to enable HTTPS on a AWS EC2
Loadbalancer. I can easily do this using the command line openssl tool,
with the following commands:
openssl genrsa 1024 > privatekey.pem
openssl req -new -key privatekey.pem -out csr.pem
openssl x509 -req -days 365 -in csr.pem -signkey privatekey.pem -out
server.crt
(For the second command I just leave all of the questions blanks. The files
I actually use are: privatekey.pem and server.crt)
I want to use pyopenssl to generate new a private key and certificate in
the same format as the above. After several hours of playing around with
pyopenssl and reading the documentation, I still have no clue how to do it.
The closest I could get is:
from OpenSSL import crypto
req = crypto.X509Req()
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 1024)
req.set_pubkey(pkey)
req.sign(pkey, 'sha1')
print crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)
print crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
I think this should do the same thing as the command line, but it doesn't.
Neither of the two required files are right. The length of their data
strings are different. Also the header lines don't match. For the command
line the two header are:
"-----BEGIN CERTIFICATE-----" and "-----BEGIN RSA PRIVATE KEY-----". For
pyopenssl, they are: "-----BEGIN CERTIFICATE REQUEST-----" and "-----BEGIN
PRIVATE KEY-----".
Any help is appreciated. Thanks.
Toby
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pyopenssl-users/attachments/20140919/6d4bd7d1/attachment.html>
More information about the pyopenssl-users
mailing list