Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- from OpenSSL import crypto
- # Generate key-pair
- key = crypto.PKey()
- key.generate_key(crypto.TYPE_RSA, 512)
- # Generate CSR
- req = crypto.X509Req()
- req.get_subject().CN = "walrus.example.com"
- req.set_pubkey(key)
- # dump unsigned CSR
- unsigned_csr_dump = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)
- with open('unsigned.csr', 'w') as unsigned_csr:
- unsigned_csr.write(unsigned_csr_dump)
- # sign the CSR
- req.sign(key, "sha256")
- # dump signed CSR
- signed_csr_dump = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)
- with open('signed.csr', 'w') as signed_csr:
- signed_csr.write(signed_csr_dump)
- # If the CSR has the signature, it will successfully load.
- csr = crypto.load_certificate_request(crypto.FILETYPE_PEM, signed_csr_dump)
- print 'Loaded signed CSR'
- # If the CSR doesn't have the signature, there will be an error while trying to load it
- csr = crypto.load_certificate_request(crypto.FILETYPE_PEM, unsigned_csr_dump)
- # The code won't get here
- print 'Loaded unsigned CSR'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
