On 2008-10-31 11:10, Marcin Jurczuk wrote:
> Hello,
> I'm fighting with Certificate Authority functionality with python
> I'm stuck on the following problem: How to sign CSR using CA key and write
> resulted certificate.
>
> You can do it using following openssl cmd:
> openssl ca -cert CA/cert.pem -keyfile CA/private/cakey.pem -policy policy_anything -out user_cert.pem -infiles userreq.pem
>
> My try was:
> import OpenSSL.crypto as pki
> #load CA key:
> ca_key=pki.load_privatekey(pki.FILETYPE_PEM,open('CA/private/cakey.pem').read(),'haselko')
> #load user's csr:
> csr=pki.load_certificate_request(pki.FILETYPE_PEM,open('userreq.pem').read())
> # sign csr
> csr.sign(ca_key,'sha1')
> I don't get any errors however I don't see any way to write or get
> result from such operation
> csr exports following methods:
> csr.add_extensions csr.get_pubkey csr.get_subject
> csr.set_pubkey csr.sign csr.verify

You need to use crypto.dump_certificate() to dump and then write the
certificate back to disk.

BTW: There's a good example in the pyOpenSSL examples dir for these things:

http://svn.dave.cridland.net/svn/projects/pyopenssl/dwd/examples/certgen.py
http://svn.dave.cridland.net/svn/projects/pyopenssl/dwd/examples/mk_simple_certs.py

> I want to create pure python implementation without use of openssl
> wrapped with python code.

Good luck with that :-)

--
Marc-Andre Lemburg
eGenix.com
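Added example, not part of the original thread or of the pyOpenSSL examples it links to: `csr.sign()` only signs the request itself, so issuing a certificate means building a new `X509` from the CSR's subject and public key, signing that object with the CA key, and serialising it with `crypto.dump_certificate()`. The throwaway CA, the sample CSR, the helper names and the serial numbers are constructed for illustration; a real CA would load its own PEM files and track unique serials.

```python
from OpenSSL import crypto
PEM = crypto.FILETYPE_PEM

def new_key(bits=2048):
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, bits)
    return key

def make_demo_ca(cn="Constructed Demo CA"):
    """Throwaway self-signed CA (constructed; stands in for CA/cert.pem + cakey.pem)."""
    key = new_key()
    ca = crypto.X509()
    ca.set_serial_number(1)
    ca.get_subject().CN = cn
    ca.set_issuer(ca.get_subject())
    ca.gmtime_adj_notBefore(0)
    ca.gmtime_adj_notAfter(24 * 3600)
    ca.set_pubkey(key)
    ca.sign(key, "sha256")
    return crypto.dump_certificate(PEM, ca), crypto.dump_privatekey(PEM, key)

def make_demo_csr(cn="user.example.test"):
    """Constructed sample request (stands in for userreq.pem)."""
    key = new_key()
    req = crypto.X509Req()
    req.get_subject().CN = cn
    req.set_pubkey(key)
    req.sign(key, "sha256")  # a CSR is signed by the requester's own key
    return crypto.dump_certificate_request(PEM, req)

def sign_csr(csr_pem, ca_cert_pem, ca_key_pem, serial, days=365, passphrase=None):
    """Issue a certificate for csr_pem; serial must be unique per CA. Returns PEM bytes."""
    ca_cert = crypto.load_certificate(PEM, ca_cert_pem)
    ca_key = crypto.load_privatekey(PEM, ca_key_pem, passphrase)
    csr = crypto.load_certificate_request(PEM, csr_pem)
    # Proof of possession: reject requests not signed by the key they carry.
    csr.verify(csr.get_pubkey())  # raises crypto.Error on a bad signature
    cert = crypto.X509()
    cert.set_version(2)  # value 2 means X.509 v3
    cert.set_serial_number(serial)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(days * 24 * 3600)
    cert.set_issuer(ca_cert.get_subject())  # issuer comes from the CA certificate
    cert.set_subject(csr.get_subject())     # subject and key come from the CSR
    cert.set_pubkey(csr.get_pubkey())
    cert.sign(ca_key, "sha256")             # SHA-256 instead of the thread's SHA-1
    return crypto.dump_certificate(PEM, cert)

if __name__ == "__main__":
    print(sign_csr(make_demo_csr(), *make_demo_ca(), serial=1000).decode())
```

Recent pyOpenSSL releases deprecate the `X509Req` functions in favour of `cryptography.x509`; the issuing flow is the same there.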