Skip to content
/ OpenCA Public
forked from ash2shukla/OpenCA

A tool based on pyOpenSSL to easily create and manage Certification Authorities.

0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jdhellfire/OpenCA

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
OpenCA-ROOT
OpenCA-ROOT
 
 
OpenCA.egg-info
OpenCA.egg-info
 
 
OpenCA
OpenCA
 
 
__pycache__
__pycache__
 
 
build/lib/OpenCA
build/lib/OpenCA
 
 
dist
dist
 
 
README.md
README.md
 
 
TODO
TODO
 
 
setup.py
setup.py
 
 

Repository files navigation

OpenCA

A tool based on pyOpenSSL to easily create and manage Certification Authorities.

Install - pip3 install OpenCA

from OpenCA import createCA, signReqCA, createCSR
createCA('root','ROOT','root-pass',{'CN':'FQDN_ROOT'})
createCA('int','INTERMEDIATE','inter-pass',{'CN':'FQDN_INETRMEDIATE'})

signReqCA('ROOT','INTERMEDIATE','root-pass','ca')

createCSR('USER','user-pass',{'CN':'FQDN_USER'})
createCSR('SERVER','server-pass',{'CN':'FQDN_SERVER'})

signReqCA('INTERMEDIATE','USER.csr.pem','inter-pass','usr')
signReqCA('INTERMEDIATE','SERVER.csr.pem','inter-pass','svr')

from OpenCA import Utils
Utils.verify_chain('ROOT/certs/ROOT.cert.pem',open('INTERMEDIATE/certs/INTERMEDIATE.cert.pem','rb').read()) # True

Utils.verify_chain('ROOT/certs/ROOT.cert.pem',open('USER.cert.pem','rb').read()) # False
Utils.verify_chain('ROOT/certs/ROOT.cert.pem',open('SERVER.cert.pem','rb').read()) # False
Utils.verify_chain('INTERMEDIATE/certs/INTERMEDIATE.cert.pem',open('USER.cert.pem','rb').read()) # False
Utils.verify_chain('INTERMEDIATE/certs/INTERMEDIATE.cert.pem',open('SERVER.cert.pem','rb').read()) # False

# End Certificates can only be verified using the chain of trust

Utils.verify_chain('INTERMEDIATE/certs/ROOT.INTERMEDIATE.chain.pem',open('USER.cert.pem','rb').read()) # True
Utils.verify_chain('INTERMEDIATE/certs/ROOT.INTERMEDIATE.chain.pem',open('SERVER.cert.pem','rb').read()) # True

create ROOT CA -

from OpenCA import createCA
createCA('root','ROOT_NAME','ROOT_PASS', {'CN':'FQDN.Goes.Here'})

create Intermediate CA -

from OpenCA import createCA, signReqCA

createCA('int', 'INTERMEDIATE_NAME', 'INT_PASS', {'CN':'FQDN.Should.Not.Be.Same.As.Of.Root.CA'})
signReqCA('PATH_TO_ROOT_CA_FOLDER','PATH_TO_INTERMEDIATE_CA_FOLDER','ROOT_PASS', csr_type = 'ca' )

signReqCA saves the certificate of Intermediate CA in ROOT CA's newcerts directory and enrolls it in index.db. return value of signReqCA is the certificate bytes of Intermediate CA's generated certificate.

For user or servers -

Users/server generates a PKey and CSR and hands it over to Intermediate CA.

	from OpenCA import createCSR
	createCSR('User','User_password',{'CN':'USER_FQDN'})

It will create two files in the current directory -

	1.User.private.pem
	2.User.csr.pem

create End user certificate on Intermediate CA-

	from OpenCA import signReqCA
	signReqCA('PATH_TO_INTERMEDIATE_CA_FOLDER','PATH_TO_CSR_OF_USER_OR_SERVER','INT_PASS', csr_type = <'usr' or 'svr'> )

About

A tool based on pyOpenSSL to easily create and manage Certification Authorities.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%