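#!/usr/bin/env python
"""Create an RSA private key and a self-signed x509 certificate per domain.

For every DOMAIN given on the command line the script drives the ``openssl``
command-line tool through pexpect and writes ``DOMAIN.key`` and ``DOMAIN.crt``
into ``--outdir``. Existing files are skipped unless ``--overwrite`` is given.

NOTE: only the Common Name is set to the domain; no subjectAltName extension
is requested. Current browsers and TLS libraries match host names against
subjectAltName only, so these certificates may be rejected by such clients.
"""
import os
import pexpect
from argparse import ArgumentParser, ArgumentTypeError

ALLOWED_DIGESTS = [
    'sha256',
    'sha384',
    'sha512',
]

# Seconds to wait for ``openssl genrsa``; same value as pexpect's default.
KEYGEN_TIMEOUT = 30

OPENSSL_FAILED = 'openssl exited unexpectedly\n--------------------------\n'


def _single_line(value):
    """argparse ``type``: reject values that contain a line break.

    Every answer is typed into an ``openssl req`` prompt with ``sendline``;
    an embedded newline would also answer the prompts that follow it.
    """
    if '\n' in value or '\r' in value:
        raise ArgumentTypeError('%r must not contain line breaks' % value)
    return value


def _domain_name(value):
    """argparse ``type``: reject domains that are unsafe as a file name.

    The domain becomes part of the output file names and an openssl argument,
    so path separators, whitespace, NUL bytes, a leading ``-`` (which could be
    read as an option when --outdir is empty) and ``.``/``..`` are refused.
    """
    value = _single_line(value)
    unsafe = (
        not value
        or value in ('.', '..')
        or value.startswith('-')
        or any(ch in value for ch in ('/', '\\', '\0'))
        or any(ch.isspace() for ch in value)
    )
    if unsafe:
        raise ArgumentTypeError('%r is not usable as a domain name' % value)
    return value


def _as_text(output):
    """Return captured pexpect output as text (it may arrive as bytes)."""
    if isinstance(output, bytes):
        return output.decode('utf-8', 'replace')
    return output


if __name__ == '__main__':
    # The text is a description; passed positionally it would become ``prog``.
    parser = ArgumentParser(
        description='Create x509 certificates for some custom domains')

    # collect all domains
    parser.add_argument(
        'domains',
        metavar='DOMAIN',
        type=_domain_name,
        help='domains to create certificates for.',
        nargs='+'
    )

    # outdir?
    parser.add_argument('--outdir', action='store', default='.',
                        help='Output Directory for all files')

    # overwrite existing files?
    parser.add_argument('--overwrite', action='store_true',
                        help='Overwrite existing files?')

    # collect technical certificate information
    # type=int only guarantees a number; it does not enforce a minimum key
    # size, so a short (weak) RSA key can still be requested explicitly.
    parser.add_argument('--keylen', action='store', type=int, default=4096,
                        help='length of private key')
    # choices= enforces ALLOWED_DIGESTS; without it any string would be
    # handed to openssl as an option ("-<digest>").
    parser.add_argument('--digest', action='store', choices=ALLOWED_DIGESTS,
                        default=ALLOWED_DIGESTS[0],
                        help='digest to use for cert. can be: %s'
                             % ', '.join(ALLOWED_DIGESTS))
    parser.add_argument('--days', action='store', type=int, default=365,
                        help='number of days the certificate is valid')

    # collect certificate metadata
    parser.add_argument('--country', action='store', required=True,
                        type=_single_line,
                        help='Country Name (2 letter country code)')
    parser.add_argument('--state', action='store', required=True,
                        type=_single_line, help='State or Province Name')
    parser.add_argument('--locality', action='store', required=True,
                        type=_single_line, help='Locality Name')
    parser.add_argument('--company', action='store', required=True,
                        type=_single_line,
                        help='Company or Organization Name')
    parser.add_argument('--unit', action='store', required=True,
                        type=_single_line, help='Organizational Unit')
    parser.add_argument('--email', action='store', required=True,
                        type=_single_line, help='Admin email address')

    # parse arguments
    args = parser.parse_args()

    # create all private keys and certs
    for domain in args.domains:
        keyfile = os.path.join(args.outdir, '%s.key' % domain)
        key_exists = os.path.isfile(keyfile)
        if key_exists and not args.overwrite:
            print('Skipping "%s". Already exists.' % keyfile)
        else:
            print('%s "%s". ' % ('Overwriting' if key_exists else 'Creating',
                                 keyfile))
            # Restrict the creation mask so a new key file is not group- or
            # world-readable whatever the caller's umask is. An overwritten
            # file keeps the mode it already had.
            previous_umask = os.umask(0o077)
            try:
                # Argument list instead of one formatted string: nothing in
                # the file name can be split into additional openssl options.
                keygen = pexpect.spawn(
                    'openssl',
                    ['genrsa', '-out', keyfile, str(args.keylen)],
                    timeout=KEYGEN_TIMEOUT)
                keygen.expect(pexpect.EOF)
                keygen_output = _as_text(keygen.before)
                keygen.close()
            finally:
                os.umask(previous_umask)
            if keygen.exitstatus != 0:
                raise RuntimeError(OPENSSL_FAILED + keygen_output)

        certfile = os.path.join(args.outdir, '%s.crt' % domain)
        cert_exists = os.path.isfile(certfile)
        if cert_exists and not args.overwrite:
            print('Skipping "%s". Already exists.' % certfile)
        else:
            print('%s "%s". ' % ('Overwriting' if cert_exists else 'Creating',
                                 certfile))
            p = pexpect.spawn(
                'openssl',
                ['req', '-new', '-x509', '-key', keyfile,
                 '-days', str(args.days), '-' + args.digest,
                 '-out', certfile],
                timeout=2)
            # Answer the interactive subject prompts in the order openssl
            # asks them; the domain is used as the Common Name.
            dialogue = (
                ('Country Name.*:', args.country),
                ('State or Province Name.*:', args.state),
                ('Locality Name.*:', args.locality),
                ('Organization Name.*:', args.company),
                ('Organizational Unit.*:', args.unit),
                ('Common Name.*:', domain),
                ('Email Address.*:', args.email),
            )
            for prompt, answer in dialogue:
                p.expect(prompt)
                p.sendline(answer)
            p.expect(pexpect.EOF)
            req_output = _as_text(p.before)
            # close() collects the exit status; a failed request must not be
            # mistaken for a written certificate.
            p.close()
            if p.exitstatus != 0:
                raise RuntimeError(OPENSSL_FAILED + req_output)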