TLS Certificate Utilities
Module for working with x.509 certificates.
- zaza.utilities.cert.generate_cert(common_name, alternative_names=None, password=None, issuer_name=None, signing_key=None, signing_key_password=None, generate_ca=False)
Generate x.509 certificate.
Example of how to create a certificate chain:
    (cakey, cacert) = generate_cert(
        'DivineAuthority',
        generate_ca=True)
    (crkey, crcert) = generate_cert(
        'test.com',
        issuer_name='DivineAuthority',
        signing_key=cakey)
- Parameters:
common_name (str) – Common Name to use in generated certificate
alternative_names (Optional[list(str)]) – List of names to add as SubjectAlternativeName
password (Optional[str]) – Password to protect encrypted private key with
issuer_name (Optional[str]) – Issuer name, must match provided_private_key issuer
signing_key (Optional[str]) – PEM encoded PKCS8 formatted private key
signing_key_password (Optional[str]) – Password to decrypt private key
generate_ca (bool) – Generate a certificate usable as a CA certificate
- Returns:
x.509 certificate
- Return type:
cryptography.x509.Certificate
- zaza.utilities.cert.is_keys_valid(public_key_string, private_key_string)
Test whether these are a valid public/private key pair.
- Parameters:
public_key_string (str) – PEM encoded key data.
private_key_string (str) – OpenSSH encoded key data.
- zaza.utilities.cert.sign_csr(csr, ca_private_key, ca_cert=None, issuer_name=None, ca_private_key_password=None, generate_ca=False)
Sign CSR with the given key.
- Parameters:
csr (str) – Certificate signing request (CSR) to sign
ca_private_key (str) – Private key to be used to sign csr
ca_cert (str) – Cert to base some options from
issuer_name (Optional[str]) – Issuer name, must match provided_private_key issuer
ca_private_key_password (Optional[str]) – Password to decrypt ca_private_key
generate_ca (bool) – Allow resulting cert to be used as a CA
- Returns:
x.509 certificate
- Return type:
cryptography.x509.Certificate
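A check worth running on a CA/leaf pair like the chain in the generate_cert example, written directly against the `cryptography` package (added example, not zaza's code). `name_of`, `make_cert` and `chain_problems` are hypothetical names; `make_cert` is a constructed stand-in that uses EC keys so the sample runs offline.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def name_of(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_cert(cn, issuer_cn=None, signing_key=None, is_ca=False):
    """Constructed stand-in for a cert generator (EC keys); not zaza's code."""
    key = ec.generate_private_key(ec.SECP256R1())
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name_of(cn))
        .issuer_name(name_of(issuer_cn or cn))
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), True)
    )
    # Self-signed unless a separate signing key is supplied.
    return key, builder.sign(signing_key or key, hashes.SHA256())


def chain_problems(ca_cert, leaf_cert):
    """List the reasons leaf_cert does not chain to ca_cert (empty = OK)."""
    problems = []
    if leaf_cert.issuer != ca_cert.subject:
        problems.append("issuer name does not match CA subject")
    try:
        bc = ca_cert.extensions.get_extension_for_class(x509.BasicConstraints)
        if not bc.value.ca:
            problems.append("signer is not marked as a CA")
    except x509.ExtensionNotFound:
        problems.append("signer has no BasicConstraints extension")
    try:
        # ECDSA verification; an RSA CA key takes a padding argument instead.
        ca_cert.public_key().verify(
            leaf_cert.signature, leaf_cert.tbs_certificate_bytes,
            ec.ECDSA(leaf_cert.signature_hash_algorithm))
    except InvalidSignature:
        problems.append("signature was not made by the CA key")
    return problems
```

PEM-encoded certificates can be loaded with `x509.load_pem_x509_certificate` before being passed to `chain_problems`.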