Подпись сертификата другим сертификатом


--- script.py
import secrets

from OpenSSL import crypto, SSL

# Load the root CA's private key and certificate from inline PEM text.
# NOTE(review): the CA private key is embedded in the script source, so anyone
# who can read this file (or its version history) can issue certificates under
# this CA. Prefer loading it from an access-restricted file or a key store.
ca_key_pem = """-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
"""

ca_cert_pem = """-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
"""

# Parse both PEM blobs into pyOpenSSL objects used for issuing below.
CAprivatekey = crypto.load_privatekey(crypto.FILETYPE_PEM, ca_key_pem)
CAcert = crypto.load_certificate(crypto.FILETYPE_PEM, ca_cert_pem)

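# Generate the private key for the new certificate (RSA, 2048 bits).
key = crypto.PKey()
key.generate_key(crypto.TYPE_RSA, 2048)

# Build the certificate signing request around the new public key.
# NOTE(review): no subject fields are set on the request, so the certificate
# issued from it carries an empty subject; populate req.get_subject() (CN, O,
# ...) if the certificate has to identify a host or a user.
req = crypto.X509Req()
req.set_pubkey(key)
# A request holds a single signature and every sign() call replaces the
# previous one, so sign once with the digest the result actually ends up with
# instead of first producing throwaway SHA-1 and SHA-256 signatures.
req.sign(key, 'sha512')
# PEM text of the request; kept for callers that want to store or inspect it.
csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req).decode('utf-8')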

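# Issue the certificate: copy subject and public key from the request and
# sign the result with the CA key.
cert = crypto.X509()
cert.set_subject(req.get_subject())
# Serial numbers must be unique per issuer. A fixed value of 1 makes every
# certificate produced by this script collide with the previous one, which
# breaks revocation and certificate pinning by issuer+serial. Use a random
# positive value instead ("or 1" covers the all-zero draw).
cert.set_serial_number(secrets.randbits(128) or 1)
# Valid from now for ten years.
# NOTE(review): ten years is long for an end-entity certificate; shorten it
# if the relying software enforces a maximum lifetime.
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(10*365*24*60*60)
cert.set_issuer(CAcert.get_subject())
cert.set_pubkey(req.get_pubkey())
# NOTE(review): no extensions (basicConstraints, keyUsage, subjectAltName)
# are added here; add them before signing if the certificate is meant for
# TLS or any consumer that checks them.
# Each sign() call overwrites the previous signature, so a single SHA-512
# signature yields the same final digest as the old sha1/sha256/sha512
# sequence without ever producing a SHA-1 signature with the CA key.
cert.sign(CAprivatekey, 'sha512')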

# Emit the issued certificate, then the new private key, as PEM on stdout.
# NOTE(review): the private key is written unencrypted; treat the output of
# this script as secret material (no shared logs, restrictive file modes).
for dump_pem, obj in (
    (crypto.dump_certificate, cert),
    (crypto.dump_privatekey, key),
):
    print(dump_pem(crypto.FILETYPE_PEM, obj).decode('utf-8'))
© RemiZOffAlex