5

I am trying to generate self signed SSL certificates using Python, so that it is platform independent. My target is the *.pem format.

I found this script that generates certificates, but no information how to self-sign them.

Niklas
  • 2,732
  • 4
  • 20
  • 28
  • related: http://stackoverflow.com/questions/256405/programmatically-create-x509-certificate-using-openssl – jfs Sep 09 '11 at 13:33

2 Answers2

7

The script you've linked doesn't create self-signed certificate; it only creates a request.

To create self-signed certificate you could use openssl it is available on all major OSes.

$ openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

If you'd like to do it using M2Crypto then take a look at X509TestCase.test_mkcert() method.

jfs
  • 374,366
  • 172
  • 933
  • 1,594
  • Yay, a unit test that does it. Thank you, I'll look into that. As for openssl I am not sure how I can call that from python, making sure that it's available. – Niklas Sep 09 '11 at 21:37
  • I'm trying to do something similar - but trying to avoid writing files as much as possible - I'd rather store the data in a database. – Esa Dec 14 '11 at 08:36
  • The OP asked for platform independence: `so that it is platform independent` You can't expect everyone to have openssl installed on their machines. – Martin Apr 12 '18 at 19:27
0

You could use the openssl method that J.F. Sebastian stated from within Python.

Import the OS lib and call the command like this:

os.system("openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095")

If it requires user interaction, it might work if you run it via subprocess pipe and allow for raw input to answer any prompts.

rolve
  • 9,410
  • 4
  • 51
  • 71
Turing
  • 9
  • 1
  • The OP asked for platform independence: `so that it is platform independent` You can't expect everyone to have openssl installed on their machines. – Martin Apr 12 '18 at 19:27