pfigue · April 8, 2014 16:03
diff --git a/openssl_create_certificate.py b/openssl_create_certificate.py
 #coding: utf-8

 from os import system
 from os.path import join
 from tempfile import mkdtemp

 # TODO
 # Convert into a proper commandline tool and pypi package
 # Dump a JSON with the config instead of running it, so I can run the same operation on several servers
 # Flag to install the files or not, or to install to other location
 # Flag to avoid removal of files
 # Tune the output dir
 # Tune the parameters from the command line
 # Flag to self-sign the cert or not
 # Generate random parameters, for testing certificates
 # Test/autometed-test the script

 def run(cmd):
        print('Going to run \'%s\'' % cmd)
        system(cmd)


 prefix = 'www.example.com'
 date = '20140408'
 owner = 'webapp'
 bits = 4096
 days = 365
 country = 'DE'
 region = 'Berlin'
 city = 'Berlin'
 organizationalUnit = 'IT'
 organization = 'Example GmbH'
 domain = 'www.example.com'  # FQDN of the site FIXME like prefix?
 emailAddress = 'tech-support@acme.de'

 subj = "/C=%s/ST=%s/O=%s/localityName=%s/"\
 	"commonName=%s/organizationalUnitName=%s/"\
 	"emailAddress=%s/" % (country, region, organization,\
 		city,domain, organizationalUnit, emailAddress)

 tmp_path = mkdtemp()
 final_path= '/etc/ssl/'

 privkey_name = '%s-%s.key' % (prefix, date)
 csr_name = '%s-%s.csr' % (prefix, date)
 crt_name = '%s-%s.crt' % (prefix, date)

 params = {
 	'bits': bits,
 	'days': 365,
 	'subj': subj,

 	'uid_name': owner,
 	'gid_name': owner,

 	'privkey_name': privkey_name,
 	'csr_name': csr_name,
 	'crt_name': crt_name,

 	'tmp_privkey': join(tmp_path, privkey_name),
 	'tmp_csr': join(tmp_path, csr_name),
 	'tmp_crt': join(tmp_path, crt_name),

 	'final_privkey': join(final_path, privkey_name),
 	'final_csr': join(final_path, csr_name),
 	'final_crt': join(final_path, crt_name),
 }

 # Generate private key
 run('openssl genrsa -out "%(tmp_privkey)s" "%(bits)s"' % params)

 # Generate Certificate Signed Request (CSR)
 run('openssl req -batch -new -key "%(tmp_privkey)s" -out "%(tmp_csr)s" -subj "%(subj)s"' % params)

 # Sign the CSR to get a certificate (CRT)
 run('openssl x509 -req -days "%(days)s" -in "%(tmp_csr)s" -signkey "%(tmp_privkey)s" -out "%(tmp_crt)s"' % params)

 # Install the 3 files with proper ownership
 # You may need root privs. for this
 run('mv "%(tmp_crt)s" "%(final_crt)s"' % params)
 run('mv "%(tmp_csr)s" "%(final_csr)s"' % params)
 run('mv "%(tmp_privkey)s" "%(final_privkey)s"' % params)
 run('chown %(uid_name)s:%(gid_name)s "%(final_privkey)s" "%(final_csr)s"' % params)

 # FIXME remove (shred) the tempdir
 run('shred -uz "%s"' % params['tmp_privkey'])
 run('shred -uz "%s"' % params['tmp_csr'])
 run('shred -uz "%s"' % params['tmp_crt'])
 run('rmdir "%s"' % tmp_path)
	#coding: utf-8

	from os import system
	from os.path import join
	from tempfile import mkdtemp

	# TODO
	# Convert into a proper commandline tool and pypi package
	# Dump a JSON with the config instead of running it, so I can run the same operation on several servers
	# Flag to install the files or not, or to install to other location
	# Flag to avoid removal of files
	# Tune the output dir
	# Tune the parameters from the command line
	# Flag to self-sign the cert or not
	# Generate random parameters, for testing certificates
	# Test/autometed-test the script

	def run(cmd):
	print('Going to run \'%s\'' % cmd)
	system(cmd)


	prefix = 'www.example.com'
	date = '20140408'
	owner = 'webapp'
	bits = 4096
	days = 365
	country = 'DE'
	region = 'Berlin'
	city = 'Berlin'
	organizationalUnit = 'IT'
	organization = 'Example GmbH'
	domain = 'www.example.com' # FQDN of the site FIXME like prefix?
	emailAddress = 'tech-support@acme.de'

	subj = "/C=%s/ST=%s/O=%s/localityName=%s/"\
	"commonName=%s/organizationalUnitName=%s/"\
	"emailAddress=%s/" % (country, region, organization,\
	city,domain, organizationalUnit, emailAddress)

	tmp_path = mkdtemp()
	final_path= '/etc/ssl/'

	privkey_name = '%s-%s.key' % (prefix, date)
	csr_name = '%s-%s.csr' % (prefix, date)
	crt_name = '%s-%s.crt' % (prefix, date)

	params = {
	'bits': bits,
	'days': 365,
	'subj': subj,

	'uid_name': owner,
	'gid_name': owner,

	'privkey_name': privkey_name,
	'csr_name': csr_name,
	'crt_name': crt_name,

	'tmp_privkey': join(tmp_path, privkey_name),
	'tmp_csr': join(tmp_path, csr_name),
	'tmp_crt': join(tmp_path, crt_name),

	'final_privkey': join(final_path, privkey_name),
	'final_csr': join(final_path, csr_name),
	'final_crt': join(final_path, crt_name),
	}

	# Generate private key
	run('openssl genrsa -out "%(tmp_privkey)s" "%(bits)s"' % params)

	# Generate Certificate Signed Request (CSR)
	run('openssl req -batch -new -key "%(tmp_privkey)s" -out "%(tmp_csr)s" -subj "%(subj)s"' % params)

	# Sign the CSR to get a certificate (CRT)
	run('openssl x509 -req -days "%(days)s" -in "%(tmp_csr)s" -signkey "%(tmp_privkey)s" -out "%(tmp_crt)s"' % params)

	# Install the 3 files with proper ownership
	# You may need root privs. for this
	run('mv "%(tmp_crt)s" "%(final_crt)s"' % params)
	run('mv "%(tmp_csr)s" "%(final_csr)s"' % params)
	run('mv "%(tmp_privkey)s" "%(final_privkey)s"' % params)
	run('chown %(uid_name)s:%(gid_name)s "%(final_privkey)s" "%(final_csr)s"' % params)

	# FIXME remove (shred) the tempdir
	run('shred -uz "%s"' % params['tmp_privkey'])
	run('shred -uz "%s"' % params['tmp_csr'])
	run('shred -uz "%s"' % params['tmp_crt'])
	run('rmdir "%s"' % tmp_path)
No results found