Skip to main content

A simple CLI for making a pki

Project description

simplepki

Simple Public Key Infrastructure intends to provide most of the components needed to manage a PKI. (With a few missing tools as of right now)

CLI

Get the CLI: pip install simplepki

You can pass --pass to most of these and it will ask for a passphrase to use to protect the key

Create the root CA:

# You can also pass the following through arguments if you do not want to use env variables.
export SP_ROOT=/tmp/simplepki
export SP_CA=root
export SP_CN="Acme Inc. - Root CA"
export SP_ORGANIZATION="Acme Inc."
export SP_ORGANIZATIONAL_UNIT=IT
export SP_COUNTRY=US
export SP_LOCALITY="Agloe"
export SP_PROVINCE="New York"

mkdir $SP_ROOT
simplepki create root

Create a server certificate for blog.acme.com and www.acme.com:

# You can also pass the following through arguments if you do not want to use env variables.
export SP_ROOT=/tmp/simplepki
export SP_CA=root
export SP_ORGANIZATION="Acme Inc."
export SP_ORGANIZATIONAL_UNIT=IT
export SP_COUNTRY=US
export SP_LOCALITY="Agloe"
export SP_PROVINCE="New York"

simplepki create cert www.acme.com --dns blog.acme.com --dns www.acme.com

Create an intermediate CA:

# You can also pass the following through arguments if you do not want to use env variables.
export SP_ROOT=/tmp/simplepki
export SP_CA=root
export SP_CN="Acme Inc. - Internal CA"
export SP_INTERMEDIATE=intermedaite
export SP_ORGANIZATION="Acme Inc."
export SP_ORGANIZATIONAL_UNIT=IT
export SP_COUNTRY=US
export SP_LOCALITY="Agloe"
export SP_PROVINCE="New York"

simplepki create intermediate

Create a wildcard certificate for internal use, signed by the intermediate ca:

# You can also pass the following through arguments if you do not want to use env variables.
export SP_ROOT=/tmp/simplepki
export SP_CA=intermediate
export SP_ORGANIZATION="Acme Inc."
export SP_ORGANIZATIONAL_UNIT=IT
export SP_COUNTRY=US
export SP_LOCALITY="Agloe"
export SP_PROVINCE="New York"

simplepki create cert *.internal.acme.com --dns *.internal.acme.com

After running all the commands above you will end up with this

/tmp/simplepki/
├── [drwxrwxr-x]  intermediate
│   ├── [drwxrwxr-x]  certs
│   │   ├── [-rw-r--r--]  root.cert.pem
│   │   └── [-rw-r--r--]  wildcard_.internal.acme.com.cert.pem
│   └── [drwx------]  private
│       ├── [-r--------]  root.key.pem
│       └── [-r--------]  wildcard_.internal.acme.com.key.pem
└── [drwxrwxr-x]  root
    ├── [drwxrwxr-x]  certs
    │   ├── [-rw-r--r--]  root.cert.pem
    │   └── [-rw-r--r--]  www.acme.com.cert.pem
    └── [drwx------]  private
        ├── [-r--------]  root.key.pem
        └── [-r--------]  www.acme.com.key.pem

You will find the generated certificates in $SP_ROOT/ca_name/certs/ and private keys in $SP_ROOT/ca_name/private/

For more info about available flags, checkout out the help simplepki -h.

Contributions

Contributions are welcome. Currently we have a few features missing that we would like to add

  • client certificate
  • publish crl
  • sign csr with selected ca
  • create csr
  • that index.txt log file
  • crlnumber file
  • serial file

Disclaimer

This is based on the https://github.com/google/easypki which is written in golang

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

simplepki-0.0.6.tar.gz (6.1 kB view details)

Uploaded Source

Built Distribution

simplepki-0.0.6-py3-none-any.whl (6.9 kB view details)

Uploaded Python 3

File details

Details for the file simplepki-0.0.6.tar.gz.

File metadata

  • Download URL: simplepki-0.0.6.tar.gz
  • Upload date:
  • Size: 6.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.0.0 requests-toolbelt/0.9.1 tqdm/4.43.0 CPython/3.7.6

File hashes

Hashes for simplepki-0.0.6.tar.gz
Algorithm Hash digest
SHA256 d39d08dabb08d71e5d4b95bb05fb160d76fa06df38e8614a0f72e1e66429aaba
MD5 1930a465e63dd8ec49469bcbf5b784dd
BLAKE2b-256 6a12bcabc3822182d09543922c1bb7032b713d03babe6caf26882303fd74d754

See more details on using hashes here.

File details

Details for the file simplepki-0.0.6-py3-none-any.whl.

File metadata

  • Download URL: simplepki-0.0.6-py3-none-any.whl
  • Upload date:
  • Size: 6.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.0.0 requests-toolbelt/0.9.1 tqdm/4.43.0 CPython/3.7.6

File hashes

Hashes for simplepki-0.0.6-py3-none-any.whl
Algorithm Hash digest
SHA256 d511de3a21abc43d61a332df3fbcc14a9bc7392745001d499cbfd8b2ca9018e8
MD5 033f225c4f4e1a80502f0be32e20f6fe
BLAKE2b-256 2b8ec5c2ada9872f9baf2f4e565fe0fb4ef70f6d893771dc668890a1bac3ce74

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page