Commit 7da3435e authored by ale's avatar ale

polished the newcert.py tool

parent 87bad57d
......@@ -4,17 +4,50 @@
import os, sys
import certutil
import optparse
import urllib
import urllib2
from OpenSSL import crypto
AUTOCA_URL = "http://www.autistici.org/internalca"
AUTOCA_CONF = "ca.yml"
def main():
cn = sys.argv[1]
ca = certutil.CA("ca.yml", load=False)
parser = optparse.OptionParser(usage="Usage: newcert [<OPTIONS>] <CN>")
parser.add_option("-c", "--config", dest="config_file", default=AUTOCA_CONF,
help="Load CA configuration from this file")
parser.add_option("-u", "--ca-url", dest="ca_url", default=AUTOCA_URL,
help="Set AutoCA endpoint URL")
parser.add_option("-o", "--output", dest="output_base", default="newcert",
help="Set the name of the output files (minus the extension)")
opts, args = parser.parse_args()
if len(args) != 1:
parser.error("Wrong number of arguments")
cn = args[0]
ca = certutil.CA(opts.config_file, load=False)
pkey = ca.create_rsa_key_pair()
req = ca.create_cert_request(pkey, CN=cn)
open("newreq.key", "w", 0600).write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
open("newreq.csr", "w").write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req))
print "key and request written to newreq.{key,csr}"
key_file = "%s.key" % opts.output_base
csr_file = "%s.csr" % opts.output_base
crt_file = "%s.pem" % opts.output_base
csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)
open(key_file, "w").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
os.chmod(key_file, 0400)
open(csr_file, "w").write(csr)
data = urllib.urlencode({"cert": csr})
req = urllib2.urlopen(AUTOCA_URL + "/sign", data)
signed = req.read()
open(crt_file, "w").write(signed)
print "private key saved in %s" % key_file
print "public cert saved in %s" % crt_file
if __name__ == "__main__":
main()
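Review bot: The signing request still goes to the module constant, `urllib2.urlopen(AUTOCA_URL + "/sign", data)`, so the new `--ca-url` option is parsed but never used; it should read `urllib2.urlopen(opts.ca_url + "/sign", data)`. The default endpoint is plain `http://` and the response body is written straight to the `.pem` file, so nothing ensures that what gets saved is a certificate for the key and CN just generated. An https default and a check that the returned certificate's public key matches `pkey` would cover that. The private key is written with `open(key_file, "w")` and only afterwards restricted by `os.chmod(key_file, 0400)`, which leaves it readable under the process umask for a short window; creating it with `os.fdopen(os.open(key_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0400), "w")` sets the mode at creation. The page has lost its +/- markers, so this assumes the lines that use `opts.output_base` are the new side.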