Signing a Certificate with Your Own CA Certificate Using a Python Script

Creating the CA certificate

import random
from OpenSSL import crypto

# `ca` is the object that holds the CA's subject details (country, state, ...)
pubkey = ca.domain_name
privkey = ca.domain_name
serialnumber = random.getrandbits(64)
# generate the CA key pair
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 4096)
# create a self-signed cert
cert = crypto.X509()
cert.get_subject().C = ca.country
cert.get_subject().ST = ca.state
cert.get_subject().L = ca.city
cert.get_subject().O = ca.org_name
cert.get_subject().OU = ca.org_unit
cert.get_subject().CN = ca.domain_name
cert.set_serial_number(serialnumber)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(31536000)  # 31536000 seconds = 365 days
cert.set_issuer(cert.get_subject())  # self-signed: issuer is the subject
cert.set_pubkey(k)
cert.sign(k, 'sha512')
# PEM-encode the CA certificate and its private key
ca_certificate = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
ca_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, k)

Creating the CSR and key

# generate the key pair for the certificate being requested
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 2048)
# creating the CSR
# here `cert` is the object holding the requester's subject details,
# not the X509 object from the CA step
req = crypto.X509Req()
req.get_subject().C = cert.country
req.get_subject().ST = cert.state
req.get_subject().L = cert.city
req.get_subject().O = cert.org_name
req.get_subject().OU = cert.org_unit
req.get_subject().CN = cert.domain_name
req.get_subject().emailAddress = cert.email
req.set_pubkey(k)
req.sign(k, 'sha512')  # the CSR is signed with the requester's own key
key = crypto.dump_privatekey(crypto.FILETYPE_PEM, k)
csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)
# csr dump is optional

Creating the certificate and signing the certificate

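serialnumber = random.getrandbits(64)
# load the CA certificate and CA private key (PEM) created in the first step
ca_cert = crypto.load_certificate(crypto.FILETYPE_PEM, ca.certificate)
ca_key = crypto.load_privatekey(crypto.FILETYPE_PEM, ca.key)
certs = crypto.X509()
csr_req = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr)
certs.set_serial_number(serialnumber)
certs.gmtime_adj_notBefore(0)
certs.gmtime_adj_notAfter(31536000)  # 31536000 seconds = 365 days
certs.set_subject(csr_req.get_subject())
certs.set_issuer(ca_cert.get_subject())
# certify the public key carried in the CSR rather than relying on `k`
# still being in scope from the previous step
certs.set_pubkey(csr_req.get_pubkey())
certs.sign(ca_key, 'sha512')  # signed with the CA's private key
certificate = crypto.dump_certificate(crypto.FILETYPE_PEM, certs)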
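
The three steps above as one script, written as an added example (not the author's code) with the `cryptography` package in place of pyOpenSSL. Beyond the steps on this page it marks the CA certificate with basicConstraints CA:TRUE, checks the CSR's self-signature before issuing, and verifies the issued certificate against the CA; the function names and subject names are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

def name(cn):  # constructed subject with only a CN, to keep the example short
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def builder(subject, issuer, public_key, is_ca):
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer).public_key(public_key)
            .serial_number(x509.random_serial_number())  # drawn from the OS CSPRNG
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=365))
            # Only the CA certificate is allowed to act as an issuer.
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True))

def make_ca(cn="Example Test CA", key_size=4096):
    key = rsa.generate_private_key(public_exponent=65537, key_size=key_size)
    cert = builder(name(cn), name(cn), key.public_key(), True).sign(key, hashes.SHA512())
    return key, cert

def make_csr(cn="service.example.test", key_size=2048):
    key = rsa.generate_private_key(public_exponent=65537, key_size=key_size)
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(name(cn)).sign(key, hashes.SHA512()))
    return key, csr.public_bytes(serialization.Encoding.PEM)

def sign_csr(csr_pem, ca_key, ca_cert):
    csr = x509.load_pem_x509_csr(csr_pem)
    # Proof of possession: the requester must hold the key it asks us to certify.
    if not csr.is_signature_valid:
        raise ValueError("CSR signature does not verify; refusing to issue")
    # Certify the key carried in the CSR, never a key object left over in scope.
    return builder(csr.subject, ca_cert.subject, csr.public_key(), False).sign(
        ca_key, hashes.SHA512())

def issued_by(cert, ca_cert):
    # True only if the CA's public key verifies the signature and the names chain.
    try:
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    padding.PKCS1v15(), cert.signature_hash_algorithm)
    except InvalidSignature:
        return False
    return cert.issuer == ca_cert.subject
```

Call `make_ca()`, then `make_csr()`, then `sign_csr(csr_pem, ca_key, ca_cert)`; `issued_by(cert, ca_cert)` confirms the result chains to the CA.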

Associate security Engineer At Hsenid mobile
mohomed arfath