A simple CLI for making a root CA
simplepki
Simple Public Key Infrastructure (simplepki) intends to provide most of the components needed to manage a PKI, with a few tools still missing as of right now.
CLI
Get the CLI:
pip install simplepki
You can pass --pass to most of these commands, and it will ask for a passphrase to use to protect the key.
Create the root CA:
# You can also pass the following through arguments if you do not want to use env variables.
export SP_ROOT=/tmp/simplepki
export SP_CA=root
export SP_CN="Acme Inc. - Root CA"
export SP_ORGANIZATION="Acme Inc."
export SP_ORGANIZATIONAL_UNIT=IT
export SP_COUNTRY=US
export SP_LOCALITY="Agloe"
export SP_PROVINCE="New York"
mkdir $SP_ROOT
simplepki create root
Create a server certificate for blog.acme.com and www.acme.com:
# You can also pass the following through arguments if you do not want to use env variables.
export SP_ROOT=/tmp/simplepki
export SP_CA=root
export SP_ORGANIZATION="Acme Inc."
export SP_ORGANIZATIONAL_UNIT=IT
export SP_COUNTRY=US
export SP_LOCALITY="Agloe"
export SP_PROVINCE="New York"
simplepki create cert www.acme.com --dns blog.acme.com --dns www.acme.com
Create an intermediate CA:
# You can also pass the following through arguments if you do not want to use env variables.
export SP_ROOT=/tmp/simplepki
export SP_CA=root
export SP_CN="Acme Inc. - Internal CA"
export SP_INTERMEDIATE=intermediate
export SP_ORGANIZATION="Acme Inc."
export SP_ORGANIZATIONAL_UNIT=IT
export SP_COUNTRY=US
export SP_LOCALITY="Agloe"
export SP_PROVINCE="New York"
simplepki create intermediate
Create a wildcard certificate for internal use, signed by the intermediate CA:
# You can also pass the following through arguments if you do not want to use env variables.
export SP_ROOT=/tmp/simplepki
export SP_CA=intermediate
export SP_ORGANIZATION="Acme Inc."
export SP_ORGANIZATIONAL_UNIT=IT
export SP_COUNTRY=US
export SP_LOCALITY="Agloe"
export SP_PROVINCE="New York"
# Quote the wildcard so the shell passes it through instead of expanding it as a glob.
simplepki create cert '*.internal.acme.com' --dns '*.internal.acme.com'
After running all the commands above you will end up with this:
/tmp/simplepki/
├── [drwxrwxr-x] intermediate
│   ├── [drwxrwxr-x] certs
│   │   ├── [-rw-r--r--] root.cert.pem
│   │   └── [-rw-r--r--] wildcard_.internal.acme.com.cert.pem
│   └── [drwx------] private
│       ├── [-r--------] root.key.pem
│       └── [-r--------] wildcard_.internal.acme.com.key.pem
└── [drwxrwxr-x] root
    ├── [drwxrwxr-x] certs
    │   ├── [-rw-r--r--] root.cert.pem
    │   └── [-rw-r--r--] www.acme.com.cert.pem
    └── [drwx------] private
        ├── [-r--------] root.key.pem
        └── [-r--------] www.acme.com.key.pem
You will find the generated certificates in $SP_ROOT/ca_name/certs/ and private keys in $SP_ROOT/ca_name/private/
For more info about available flags, check out the help: simplepki -h
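A permission audit for the layout described above, as an added example that is not part of simplepki. It assumes the `$SP_ROOT/<ca_name>/certs` and `$SP_ROOT/<ca_name>/private` directories and the modes shown in the tree listing; the function name `audit_pki_tree` is hypothetical.

```python
import os
import stat
import sys
from pathlib import Path

# Limits read off the tree listing above: private/ is drwx------, key files are -r--------.
MAX_PRIVATE_DIR_MODE = 0o700
MAX_KEY_FILE_MODE = 0o400


def audit_pki_tree(sp_root):
    """Return sorted (relative_path, problem) pairs for a $SP_ROOT/<ca_name>/{certs,private} tree."""
    root = Path(sp_root)
    findings = []

    def report(path, problem):
        findings.append((path.relative_to(root).as_posix(), problem))

    for ca_dir in (p for p in root.iterdir() if p.is_dir()):
        private, certs = ca_dir / "private", ca_dir / "certs"
        if private.is_dir():
            mode = stat.S_IMODE(private.lstat().st_mode)
            if mode & ~MAX_PRIVATE_DIR_MODE:
                report(private, f"directory mode {mode:04o} is wider than 0700")
            for key in private.iterdir():
                st = key.lstat()  # lstat: do not follow a symlink placed in private/
                if not stat.S_ISREG(st.st_mode):
                    report(key, "not a regular file")
                elif stat.S_IMODE(st.st_mode) & ~MAX_KEY_FILE_MODE:
                    report(key, f"key mode {stat.S_IMODE(st.st_mode):04o} is wider than 0400")
        else:
            report(ca_dir, "no private/ directory")
        if certs.is_dir():
            for cert in certs.iterdir():
                # certs/ is world-readable by design, so key material must never land there.
                if cert.is_file() and b"PRIVATE KEY-----" in cert.read_bytes():
                    report(cert, "private key material in world-readable certs/")
    return sorted(findings)


if __name__ == "__main__":
    # Default is the SP_ROOT used in the commands above.
    target = os.environ.get("SP_ROOT", "/tmp/simplepki")
    if not Path(target).is_dir():
        sys.exit(f"{target}: not a directory")
    problems = audit_pki_tree(target)
    for path, problem in problems:
        print(f"{path}: {problem}")
    sys.exit(1 if problems else 0)
```

Run it with `SP_ROOT` set to the PKI directory; it exits non-zero when any finding is reported, so it can gate a backup or deployment step.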
Contributions
Contributions are welcome. Currently we have a few features missing that we would like to add:
- client certificate
- publish crl
- sign csr with selected ca
- create csr
- that index.txt log file
- crlnumber file
- serial file
Disclaimer
This is based on https://github.com/google/easypki, which is written in Go.
Hashes for simplepki-0.0.1-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 1a6cd41e94b75441489c49bbb5c0aa69657773c3488d0a97c96e89114005fa94
MD5 | c030219679b5df337fbb58526456904c
BLAKE2b-256 | 86613014833863c4a787cf4f882e8822a8fcbe2dcd374b1b8e9f194beab76193