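def generate_self_signed_cert_pair(key_size, valid_for_days,
                                   signature_alg, subject):
    """Generate a self-signed X.509 certificate and its RSA key pair.

    Args:
        key_size: RSA modulus size in bits, passed to ``generate_key``.
        valid_for_days: Validity period in days, counted from the moment
            of generation.
        signature_alg: Digest name handed to ``cert.sign``.
        subject: Mapping queried with ``.get`` for the ``CERT_SUBJECT_*``
            keys; any key that is absent falls back to the placeholder
            default shown below.

    Returns:
        A ``(cert, key)`` tuple: the signed ``crypto.X509`` object and the
        ``crypto.PKey`` holding the matching private key. The key is
        returned as an in-memory object; protecting it when it is
        serialized or stored is left to the caller.
    """
    # Function-scope import: the file's import block is not visible here.
    # SystemRandom draws from the OS CSPRNG.
    from random import SystemRandom

    # NOTE(review): presumably rejects unacceptable key sizes, digests and
    # subject values before any key material is created -- confirm in
    # validate_cert_params.
    validate_cert_params(key_size, valid_for_days, signature_alg, subject)

    # Key pair.
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, key_size)

    # Certificate: subject fields, with placeholder defaults.
    cert = crypto.X509()
    name = cert.get_subject()
    name.C = subject.get(CERT_SUBJECT_COUNTRY, 'US')
    name.ST = subject.get(CERT_SUBJECT_STATE, 'California')
    name.O = subject.get(CERT_SUBJECT_ORG, 'MyOrg')
    name.OU = subject.get(CERT_SUBJECT_UNIT, 'MyUnit')
    name.CN = subject.get(CERT_SUBJECT_HOST, 'myorg.com')

    # Validity window: now .. now + valid_for_days.
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(valid_for_days * 24 * 60 * 60)

    # Self-signed: issuer is the subject, and the key signs its own cert.
    cert.set_issuer(name)
    cert.set_pubkey(key)

    # A serial taken from the wall-clock second repeats for two certificates
    # issued in the same second under the same issuer name, and is
    # predictable. Use a random, non-zero 128-bit serial instead.
    cert.set_serial_number(SystemRandom().getrandbits(128) or 1)

    # NOTE(review): no extensions (subjectAltName, basicConstraints) are
    # added here; clients that match hostnames only against subjectAltName
    # will not accept the CN alone.
    cert.sign(key, signature_alg)
    return cert, key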