create_certificate_authority.py
#!/usr/bin/env python3
"""
Become a Certificate Authority
Based on https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate
"""
from pathlib import Path
from subprocess import Popen
import click
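@click.command()
@click.argument("name")
@click.option(
    "--days",
    type=int,
    default=366,
    help="The number of days for which the new CA will be valid. Defaults to 366 days (just over a year).",
)
def main(
    name: str,
    days: int,
) -> int:
    """
    NAME: Any name you want to give to your new CA.
    """
    # The docstring above is what click shows as the command's help text, so
    # implementation notes live in comments instead.
    #
    # Creates out/<name>/private.key (unless it already exists) and then
    # (re)generates out/<name>/root.pem as a self-signed root certificate
    # valid for `days` days. Returns 0 on success; raises
    # click.ClickException if either openssl invocation exits non-zero.

    # Create folder for our CA and its certificates.
    # NOTE(review): `name` is used as a path component without validation, so
    # a value containing separators, "..", or an absolute path places the CA
    # files outside out/. Confirm whether nested names are intended before
    # restricting this.
    out_dir = Path("out", name)
    out_dir.mkdir(parents=True, exist_ok=True)

    # Generate private key for the CA.
    ca_key_path = Path(out_dir, "private.key")
    if ca_key_path.exists():
        print(f"Private key {ca_key_path} already exists.")
    else:
        print("Creating private for certificate authority…")
        # Pass an argument list instead of a shell string: `name` ends up in
        # the path, and a quote or other shell metacharacter in it would
        # otherwise break out of the quoting and be interpreted by the shell.
        # NOTE(review): -des3 encrypts the key with 3DES; consider a modern
        # cipher such as -aes256 for the CA key passphrase protection.
        genrsa_status = Popen(
            ["openssl", "genrsa", "-des3", "-out", str(ca_key_path), "2048"]
        ).wait()
        if genrsa_status != 0:
            # Without a key the certificate step below cannot succeed; stop
            # here rather than reporting success.
            raise click.ClickException(
                f"openssl genrsa failed with exit code {genrsa_status}"
            )

    # Generate root certificate.
    ca_root_path = Path(out_dir, "root.pem")
    # TODO: maybe rotate the old file instead of overwriting?
    req_status = Popen(
        [
            "openssl",
            "req",
            "-x509",
            "-new",
            "-nodes",
            "-key",
            str(ca_key_path),
            "-sha256",
            "-days",
            str(days),
            "-out",
            str(ca_root_path),
        ]
    ).wait()
    if req_status != 0:
        # Returning a non-zero int is not enough here: click's standalone
        # mode appears to discard the command's return value, so signal the
        # failure with an exception that click turns into a non-zero exit.
        raise click.ClickException(
            f"openssl req failed with exit code {req_status}"
        )
    return 0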
# Script entry point: run the click command and use its result as the
# process exit status.
if __name__ == "__main__":
    raise SystemExit(main())