Community service for generating PKCS#10 CSRs
Project description
swarmauri_certs_csronly
A community-provided certificate service that builds PKCS#10 Certificate Signing Requests (CSRs).
Features
CsrOnlyServicefocused exclusively on generating standards-compliant PKCS#10 CSRs (RFC 2986).- Supports RSA (2048/3072/4096), ECDSA (P-256), and Ed25519 private keys.
- Adds subject alternative names, challenge passwords, and basic constraints when needed.
- Designed to interoperate with other Swarmauri certificate services that handle issuance/verification.
Prerequisites
- Python 3.10 or newer.
- PEM-encoded private key material available locally or via a
KeyRefprovider. - Subject metadata (CN, O, OU, etc.) for the entity requesting a certificate.
- Optional: SAN entries, basic constraints, and challenge passwords when integrating with stricter PKI workflows.
Installation
# pip
pip install swarmauri_certs_csronly
# poetry
poetry add swarmauri_certs_csronly
# uv (pyproject-based projects)
uv add swarmauri_certs_csronly
Usage
Generate a CSR for example.com with SAN entries using an existing private key:
import asyncio
from pathlib import Path
from swarmauri_certs_csronly import CsrOnlyService
from swarmauri_core.crypto.types import KeyRef
async def main() -> None:
key_ref = KeyRef(material=Path("example-key.pem").read_bytes())
service = CsrOnlyService()
csr_pem = await service.create_csr(
key=key_ref,
subject={"CN": "example.com", "O": "Example Inc"},
san={"dns": ["example.com", "www.example.com"]},
)
Path("example.csr").write_bytes(csr_pem)
print("CSR written to example.csr")
if __name__ == "__main__":
asyncio.run(main())
Advanced CSR Options
Fine-tune extensions and output encoding for specialized PKI workflows:
import asyncio
from pathlib import Path
from swarmauri_certs_csronly import CsrOnlyService
from swarmauri_core.crypto.types import KeyRef
async def build_der_csr() -> None:
key_ref = KeyRef(material=Path("root-ca-key.pem").read_bytes())
service = CsrOnlyService()
csr_der = await service.create_csr(
key=key_ref,
subject={"CN": "Example Root CA"},
extensions={"basic_constraints": {"ca": True, "path_len": 0}},
challenge_password="p@ssw0rd",
output_der=True,
)
Path("root-ca.csr.der").write_bytes(csr_der)
print("DER CSR saved to root-ca.csr.der")
if __name__ == "__main__":
asyncio.run(build_der_csr())
Best Practices
- Generate new key pairs and CSRs ahead of certificate expiry to allow review and approval time.
- Store private keys securely—
KeyRefcan reference hardware or cloud KMS-backed material rather than local files. - Keep SAN lists minimal and auditable to avoid issuing overly permissive certificates.
- Pair this service with a signing backend (e.g., CFSSL, ACME, Azure Key Vault) to form a complete issuance pipeline.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file swarmauri_certs_csronly-0.8.2.dev6.tar.gz.
File metadata
- Download URL: swarmauri_certs_csronly-0.8.2.dev6.tar.gz
- Upload date:
- Size: 8.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.2 {"installer":{"name":"uv","version":"0.10.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2f04d6ae8add23e441274863d9e0339a349dfcab4b1947c13e143efe5bc17d16
|
|
| MD5 |
8f81837d6ddc4b461a0203d3c30ad5f5
|
|
| BLAKE2b-256 |
c2c90bed4c56dc71456f86e1b16d16f320596d1664a74001e56f8adfdc69bee2
|
File details
Details for the file swarmauri_certs_csronly-0.8.2.dev6-py3-none-any.whl.
File metadata
- Download URL: swarmauri_certs_csronly-0.8.2.dev6-py3-none-any.whl
- Upload date:
- Size: 9.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.2 {"installer":{"name":"uv","version":"0.10.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bab1c69770df5446b9d54aa1a312e98ce07c23517273cca28fd47e9625307b3a
|
|
| MD5 |
24f6d01b43016d9225b6c014a9d69af6
|
|
| BLAKE2b-256 |
02d0cccf4968662059ed7839ad98a54e4b5e72b63067481afc039f55f39d7e6b
|