A simple CLI for making a PKI

Project description

simplepki

Simple Public Key Infrastructure (simplepki) intends to provide most of the components needed to manage a PKI. A few tools are still missing as of right now.

CLI

Get the CLI: pip install simplepki

You can pass --pass to most of these commands, and it will ask for a passphrase to use to protect the key.

Create the root CA:

# You can also pass the following through arguments if you do not want to use env variables.
export SP_ROOT=/tmp/simplepki
export SP_CA=root
export SP_CN="Acme Inc. - Root CA"
export SP_ORGANIZATION="Acme Inc."
export SP_ORGANIZATIONAL_UNIT=IT
export SP_COUNTRY=US
export SP_LOCALITY="Agloe"
export SP_PROVINCE="New York"

mkdir -p "$SP_ROOT"
simplepki create root

Create a server certificate for blog.acme.com and www.acme.com:

# You can also pass the following through arguments if you do not want to use env variables.
export SP_ROOT=/tmp/simplepki
export SP_CA=root
export SP_ORGANIZATION="Acme Inc."
export SP_ORGANIZATIONAL_UNIT=IT
export SP_COUNTRY=US
export SP_LOCALITY="Agloe"
export SP_PROVINCE="New York"

simplepki create cert www.acme.com --dns blog.acme.com --dns www.acme.com

Create an intermediate CA:

# You can also pass the following through arguments if you do not want to use env variables.
export SP_ROOT=/tmp/simplepki
export SP_CA=root
export SP_CN="Acme Inc. - Internal CA"
export SP_INTERMEDIATE=intermediate
export SP_ORGANIZATION="Acme Inc."
export SP_ORGANIZATIONAL_UNIT=IT
export SP_COUNTRY=US
export SP_LOCALITY="Agloe"
export SP_PROVINCE="New York"

simplepki create intermediate

Create a wildcard certificate for internal use, signed by the intermediate CA:

# You can also pass the following through arguments if you do not want to use env variables.
export SP_ROOT=/tmp/simplepki
export SP_CA=intermediate
export SP_ORGANIZATION="Acme Inc."
export SP_ORGANIZATIONAL_UNIT=IT
export SP_COUNTRY=US
export SP_LOCALITY="Agloe"
export SP_PROVINCE="New York"

# Quote the wildcard so the shell does not expand it as a glob.
simplepki create cert '*.internal.acme.com' --dns '*.internal.acme.com'

After running all the commands above, you will end up with this:

/tmp/simplepki/
├── [drwxrwxr-x]  intermediate
│   ├── [drwxrwxr-x]  certs
│   │   ├── [-rw-r--r--]  root.cert.pem
│   │   └── [-rw-r--r--]  wildcard_.internal.acme.com.cert.pem
│   └── [drwx------]  private
│       ├── [-r--------]  root.key.pem
│       └── [-r--------]  wildcard_.internal.acme.com.key.pem
└── [drwxrwxr-x]  root
    ├── [drwxrwxr-x]  certs
    │   ├── [-rw-r--r--]  root.cert.pem
    │   └── [-rw-r--r--]  www.acme.com.cert.pem
    └── [drwx------]  private
        ├── [-r--------]  root.key.pem
        └── [-r--------]  www.acme.com.key.pem

You will find the generated certificates in $SP_ROOT/ca_name/certs/ and private keys in $SP_ROOT/ca_name/private/
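
A check you can run over that layout, as an added example that is not part of simplepki: it flags private/ directories and key files whose modes differ from the listing above, key material that landed under certs/, and keys stored without a passphrase. The function names audit_pki and make_sample are hypothetical, and the encrypted-PEM markers are an assumption about what --pass writes.

```sh
#!/bin/sh
# Added example, not part of simplepki. Audits $SP_ROOT/<ca_name>/{certs,private}.
# Expected modes come from the tree listing above: private/ 700, *.key.pem 400.
# Prints one finding per line and returns 1 if there are any.
audit_pki() {
    root=$1
    findings=$(
        # private/ directories that are not exactly drwx------
        find "$root" -type d -name private ! -perm 700 | sed 's/^/DIR_MODE /'
        # key files that are not exactly -r--------
        find "$root" -type f -path '*/private/*.key.pem' ! -perm 400 |
            sed 's/^/KEY_MODE /'
        # private key material that ended up in a readable certs/ directory
        find "$root" -type f -path '*/certs/*' \
            -exec grep -l -e 'PRIVATE KEY-----' {} + | sed 's/^/KEY_IN_CERTS /'
        # keys without a passphrase: neither a PKCS8 encrypted PEM nor a legacy
        # OpenSSL Proc-Type header (assumption: --pass produces one of these)
        find "$root" -type f -path '*/private/*.key.pem' -exec grep -L \
            -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' {} + |
            sed 's/^/KEY_UNENCRYPTED /'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (placeholder PEM header lines, not simplepki output):
# an encrypted 0400 CA key plus a leaf key that is 0644 and unencrypted.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/root/certs" "$d/root/private"
    chmod 700 "$d/root/private"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/root/certs/root.cert.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
        > "$d/root/private/root.key.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' \
        > "$d/root/private/www.acme.com.key.pem"
    chmod 400 "$d/root/private/root.key.pem"
    chmod 644 "$d/root/private/www.acme.com.key.pem"
    echo "$d"
}
```

Against a real tree, call audit_pki "$SP_ROOT" after the create commands; a non-zero return makes it usable as a gate in a provisioning script.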

For more info about available flags, check out the help: simplepki -h

Contributions

Contributions are welcome. Currently we have a few features missing that we would like to add:

  • client certificate
  • publish CRL
  • sign CSR with selected CA
  • create CSR
  • the index.txt log file
  • crlnumber file
  • serial file

Disclaimer

This is based on https://github.com/google/easypki, which is written in Go.

Download files

Files for simplepki, version 0.0.6

  • simplepki-0.0.6-py3-none-any.whl (6.9 kB): file type Wheel, Python version py3
  • simplepki-0.0.6.tar.gz (6.1 kB): file type Source, Python version None