Daniel Crespo írta:
Hello everybody,

I'm trying to implement a secure xmlrpc server based on the
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/496786 recipe.
What I'm concerned about is how I can quickly get or create the
.pem files (the key and cert).

Any help?
Hello,

If you have OpenSSL installed, you can do the following:

1. Create a new directory and place the two attached files in it (openssl.cnf and generate.sh)
2. Run  "chmod +x gen_cert.sh ; ./gen_cert.sh  yourdomain.com"
3. Answer the questions. Make sure that the common name you enter is your domain name.

Then you will find PEM and DER formatted files. You should use the unencrypted key.pem and cert.pem files.

Let me know if you have any problem.

Best,

  Laszlo

#
# SSLeay example configuration file.
# This is mostly being used for generation of certificate requests.
#

# Random seed file, relative to the directory the commands are run from.
# The accompanying script removes .rnd when it finishes.
RANDFILE                = .rnd

####################################################################
# Entry point for the "openssl ca" command: default_ca names the section
# that holds the CA settings.
[ ca ]
default_ca      = CA_default            # The default ca section

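####################################################################
# Settings for the "openssl ca" command. The accompanying script only runs
# "openssl req", "openssl rsa" and "openssl x509", so it does not go through
# this section when it builds the self-signed certificate.
[ CA_default ]

dir             = demoCA                # Where everything is kept
# NOTE(review): the paths below use "\" as the directory separator; confirm
# how the OpenSSL build in use treats "\" before relying on this section.
certs           = $dir\certs            # Where the issued certs are kept
crl_dir         = $dir\crl              # Where the issued crl are kept
database        = $dir\index.txt        # database index file.
new_certs_dir   = $dir\newcerts         # default place for new certs.

certificate     = $dir\cacert.pem          # The CA certificate
serial          = $dir\serial              # The current serial number
crl             = $dir\crl.pem             # The current CRL
# The CA private key must be readable only by the account that signs.
private_key     = $dir\private\cakey.pem   # The private key
RANDFILE        = $dir\private\private.rnd # private random number file

x509_extensions = x509v3_extensions     # The extensions to add to the cert
default_days    = 365                   # how long to certify for
default_crl_days= 30                    # how long before next CRL
# MD5 is not collision resistant and must not be used for certificate
# signatures, so the digest is SHA-256 here.
default_md      = sha256                # which md to use.
preserve        = no                    # keep passed DN ordering

# A few different ways of specifying how similar the request should look.
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy          = policy_match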

# For the CA policy
# Selected by "policy = policy_match" in [ CA_default ]. As written here,
# every field is optional except commonName, which the request must supply;
# no field is required to match the CA's own value.
[ policy_match ]
countryName             = optional
stateOrProvinceName     = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
# Same rules as [ policy_match ] plus an optional localityName. No line in
# this file selects it; [ CA_default ] uses policy_match.
[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

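####################################################################
# Defaults for "openssl req", which the accompanying script runs to create
# the private key and the certificate request.
[ req ]
# RSA key size in bits. 1024-bit keys are no longer considered adequate;
# 2048 is the usual minimum.
default_bits            = 2048
# Sign the request with SHA-256 instead of the OpenSSL build's default digest.
default_md              = sha256
# File the new private key is written to; the script reads it back from here.
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
attributes              = req_attributes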

# Prompts shown by "openssl req" for each field of the subject name.
# The value is the prompt text; *_min and *_max bound the length of the answer.
[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)

localityName                    = Locality Name (eg, city)

0.organizationName              = Organization Name (eg, company)

organizationalUnitName          = Organizational Unit Name (eg, section)

# For a server certificate this is the host name that clients connect to.
commonName                      = Common Name (eg, your website's domain name)
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_max                = 40

# Extra attributes requested by "openssl req" (referenced by "attributes"
# in [ req ]). The challenge password is an attribute embedded in the
# certificate request; it is separate from the pass phrase that protects
# privkey.pem.
[ req_attributes ]
challengePassword               = A challenge password
challengePassword_min           = 4
challengePassword_max           = 20

# Extensions added to issued certificates. Referenced only by
# "x509_extensions" in [ CA_default ]; [ req ] does not reference it.
[ x509v3_extensions ]

# under ASN.1, the 0 bit would be encoded as 80
# NOTE(review): 0x40 presumably sets the Netscape "SSL server" certificate
# type bit - confirm against the OpenSSL documentation for nsCertType.
nsCertType                      = 0x40

# Other Netscape extension names, left disabled.
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
#nsCertSequence
#nsCertExt
#nsDataType

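#!/bin/sh
# Generate a self-signed server certificate and a matching unencrypted RSA key.
#
# Argument: $1 - name used as the prefix of the output files
#           (<name>.csr, <name>.cert.pem, <name>.key.pem, <name>.der.crt).
# Reads openssl.cnf from the current directory.
#
# The resulting key is NOT pass-phrase protected: keep <name>.key.pem readable
# only by the account that runs the server. The certificate is self-signed, so
# clients must be configured to trust it explicitly, and it carries no
# subjectAltName extension, which current TLS clients may require for host
# name checks.

# Stop at the first failing command instead of renaming partial output.
set -eu

if [ "$#" -ne 1 ] || [ -z "$1" ]; then
    echo "usage: $0 <domain-name>" >&2
    exit 1
fi
name=$1

# Key material is created next: make new files owner-only while it is written.
old_umask=$(umask)
umask 077

# New key pair (privkey.pem, pass-phrase protected) plus certificate request.
openssl req -config openssl.cnf -new -sha256 -out my-server.csr
# Write a copy of the key without the pass phrase, for unattended server start.
openssl rsa -in privkey.pem -out my-server.key

umask "$old_umask"

# Self-sign the request. "-days" belongs to this command; it must stay on the
# same line (the mailed copy had it wrapped onto a line of its own).
openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -sha256 -days 1500
openssl x509 -in my-server.cert -out my-server.der.crt -outform DER

# Quote the name and end option parsing so unusual names cannot be misread.
mv -- my-server.csr "$name.csr"
mv -- my-server.cert "$name.cert.pem"
mv -- my-server.key "$name.key.pem"
mv -- my-server.der.crt "$name.der.crt"

# Remove the pass-phrase protected intermediate key and the random seed file.
rm -f privkey.pem
rm -f .rnd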
