generate_ca.py
import datetime
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography import x509
from cryptography.x509.oid import NameOID
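def generate_ca():
    """Create a self-signed RSA root CA and write it to the working directory.

    Two PEM files are written, overwriting any existing ones:

    * ``ca_private_key.pem`` - the 2048-bit RSA private key, stored
      unencrypted and restricted to owner read/write (mode 0600).
    * ``ca_certificate.pem`` - the self-signed certificate, valid for 365
      days from generation and carrying a critical ``BasicConstraints``
      extension with ``ca=True``.

    Returns:
        None. The results are the two files on disk.
    """
    # Local import: keeps this function self-contained without touching the
    # file-level import block.
    import os

    # Generate the CA key pair.
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048,
        backend=default_backend()
    )

    # Self-signed: subject and issuer are the same name.
    subject = issuer = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, u'SY'),
        x509.NameAttribute(NameOID.LOCALITY_NAME, u'Damascus'),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'University'),
        x509.NameAttribute(NameOID.COMMON_NAME, u'ITE')
    ])

    # Take the timestamp once so the validity window is exactly 365 days;
    # timezone-aware because datetime.utcnow() is deprecated.
    now = datetime.datetime.now(datetime.timezone.utc)

    certificate = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(private_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=365))
        # Without BasicConstraints(ca=True) the certificate is not marked as
        # a CA, and path validation that follows RFC 5280 will refuse to
        # accept it as the issuer of other certificates.
        # path_length=None leaves the chain depth unconstrained.
        # NOTE(review): if this key only ever issues end-entity certificates,
        # consider path_length=0 and a critical KeyUsage limited to
        # keyCertSign / cRLSign.
        .add_extension(
            x509.BasicConstraints(ca=True, path_length=None),
            critical=True,
        )
        .sign(private_key, hashes.SHA256(), default_backend())
    )

    # NOTE(review): the key is serialized with NoEncryption, so file
    # permissions are its only protection at rest. Switching to
    # BestAvailableEncryption would require every consumer of this file to
    # supply the passphrase, so it is flagged here rather than changed.
    key_pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption()
    )

    # Create the key file with owner-only permissions instead of the
    # umask-dependent default that a plain open() would give.
    key_fd = os.open(
        "ca_private_key.pem",
        os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
        0o600,
    )
    with os.fdopen(key_fd, "wb") as key_file:
        # The mode given to os.open only applies when the file is created;
        # tighten a pre-existing file before any key material is written.
        os.chmod("ca_private_key.pem", 0o600)
        key_file.write(key_pem)

    # The certificate is public data; default permissions are fine.
    with open("ca_certificate.pem", "wb") as cert_file:
        cert_file.write(certificate.public_bytes(serialization.Encoding.PEM))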
# Script entry point: generate the CA key and certificate only when this file
# is executed directly, not when it is imported.
if __name__ == "__main__":
    generate_ca()