Signing a Certificate with Your Own CA Certificate Using a Python Script

Creating the CA certificate

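# Build a self-signed root CA certificate with pyOpenSSL and export the
# certificate and its private key as PEM.

# Kept from the original listing; neither name is used by the steps below.
pubkey = ca.domain_name
privkey = ca.domain_name

# Draw the serial from the OS CSPRNG. random.getrandbits() is a Mersenne
# Twister, so serials generated with it are predictable.
serialnumber = random.SystemRandom().getrandbits(64)

k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 4096)

# create a self-signed cert
cert = crypto.X509()
cert.set_version(2)  # zero-based: 2 means X.509 v3, which extensions require

subject = cert.get_subject()
subject.C = ca.country
subject.ST = ca.state
subject.L = ca.city
subject.O = ca.org_name
subject.OU = ca.org_unit
subject.CN = ca.domain_name

cert.set_serial_number(serialnumber)
cert.gmtime_adj_notBefore(0)
# 31536000 s = 365 days. The original note said 315360000 (ten years);
# confirm the intended CA lifetime. Certificates issued later for a full
# year will outlive a CA that is itself only valid for one year.
cert.gmtime_adj_notAfter(31536000)
cert.set_issuer(subject)  # self-signed: issuer == subject
cert.set_pubkey(k)

# Mark the certificate as a CA. Without basicConstraints CA:TRUE, strict
# verifiers refuse to accept it as an issuer.
cert.add_extensions([
    crypto.X509Extension(b"basicConstraints", True, b"CA:TRUE"),
    crypto.X509Extension(b"keyUsage", True, b"keyCertSign, cRLSign"),
])

# Plain ASCII quotes: the typographic quotes in the original listing are
# a syntax error in Python.
cert.sign(k, 'sha512')

ca_certificate = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
# The key is written as unencrypted PEM. Restrict access to wherever it is
# stored, or pass cipher/passphrase to dump_privatekey to encrypt it.
ca_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, k)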

Creating the CSR and its private key

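# Generate the end-entity key pair and a certificate signing request (CSR)
# for it, then export both as PEM.
# NOTE(review): `cert` here is read as a record with country/state/...
# fields, not the crypto.X509 object built in the CA step; confirm against
# the surrounding code.
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 2048)

# creating the CSR
req = crypto.X509Req()
req_subject = req.get_subject()
req_subject.C = cert.country
req_subject.ST = cert.state
req_subject.L = cert.city
req_subject.O = cert.org_name
req_subject.OU = cert.org_unit
req_subject.CN = cert.domain_name
req_subject.emailAddress = cert.email
req.set_pubkey(k)

# Self-signing the request proves possession of the private key to the CA.
# Plain ASCII quotes: the typographic quotes in the original listing are
# a syntax error in Python.
req.sign(k, 'sha512')

# The key is written as unencrypted PEM; protect it wherever it is stored.
key = crypto.dump_privatekey(crypto.FILETYPE_PEM, k)
# csr dump is optional
csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)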

Creating the certificate and signing the certificate

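# Issue an end-entity certificate for the CSR, signed with the stored CA key.

# Draw the serial from the OS CSPRNG. random.getrandbits() is a Mersenne
# Twister, so serials generated with it are predictable.
serialnumber = random.SystemRandom().getrandbits(64)

ca_cert = crypto.load_certificate(crypto.FILETYPE_PEM, ca.certificate)
ca_key = crypto.load_privatekey(crypto.FILETYPE_PEM, ca.key)
csr_req = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr)

# Check the CSR's self-signature before trusting its contents. verify()
# raises crypto.Error when the signature does not match the embedded key.
csr_pubkey = csr_req.get_pubkey()
csr_req.verify(csr_pubkey)

certs = crypto.X509()
certs.set_version(2)  # zero-based: 2 means X.509 v3, which extensions require
certs.set_serial_number(serialnumber)
certs.gmtime_adj_notBefore(0)
certs.gmtime_adj_notAfter(31536000)  # 365 days, in seconds
certs.set_subject(csr_req.get_subject())
certs.set_issuer(ca_cert.get_subject())

# Certify the key carried in the CSR. The original listing used the
# in-memory `k`, which is only the right key when the CSR was generated in
# the same process and `k` has not been reassigned since.
certs.set_pubkey(csr_pubkey)

# Mark this as an end-entity certificate so it cannot act as an issuer.
certs.add_extensions([
    crypto.X509Extension(b"basicConstraints", True, b"CA:FALSE"),
])
# NOTE(review): no subjectAltName is set. Current TLS clients match host
# names against SAN rather than CN, so add one if this is a server cert.

# Plain ASCII quotes, and the two statements fused on one line in the
# original listing are separated again.
certs.sign(ca_key, 'sha512')
certificate = crypto.dump_certificate(crypto.FILETYPE_PEM, certs)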