33

I followed this URL to create an X509 certificate. The code is:

```python
from OpenSSL import crypto, SSL
from socket import gethostname
from pprint import pprint
from time import gmtime, mktime

CERT_FILE = "selfsigned.crt"
KEY_FILE = "private.key"

def create_self_signed_cert():

    # create a key pair
    k = crypto.PKey()
    k.generate_key(crypto.TYPE_<wbr>RSA, 1024)

    # create a self-signed cert
    cert = crypto.X509()
    cert.get_subject().C = "UK"
    cert.get_subject().ST = "London"
    cert.get_subject().L = "London"
    cert.get_subject().O = "Dummy Company Ltd"
    cert.get_subject().OU = "Dummy Company Ltd"
    cert.get_subject().CN = gethostname()
    cert.set_serial_number(1000)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(10*<wbr>365*24*60*60)
    cert.set_issuer(cert.get_<wbr>subject())
    cert.set_pubkey(k)
    cert.sign(k, 'sha1')

    open(CERT_FILE, "wt").write(
        crypto.dump_certificate(<wbr>crypto.FILETYPE_PEM, cert))
    open(KEY_FILE, "wt").write(
        crypto.dump_privatekey(crypto.<wbr>FILETYPE_PEM, k))

create_self_signed_cert()
```

But there is something wrong with the code when I run it. Could someone tell me what the meaning of `<wbr>` is? There is a SyntaxError in `cert.gmtime_adj_notAfter(10*<wbr>365*24*60*60)`. Thanks.

Nuno André
changzhi
  • 2
    The guide author is using `<wbr>` to indicate places that you must modify to use the code yourself. – Andrew Domaszek Nov 26 '14 at 04:34
  • You are right. Everything goes okay when I remove the `<wbr>`. Thx – changzhi Nov 26 '14 at 04:39
  • 2
    `<wbr>` is an HTML tag meaning a word break is allowed here. I think the most likely answer is this is some kind of accident, somehow some blogging software/CMS/etc has malfunctioned along the way and accidentally inserted these `<wbr>` HTML tags. I think that is more likely than the author intentionally putting `<wbr>` (why pick that specific string?) at these rather arbitrary locations in the code to mean something. – Simon Kissane Dec 14 '20 at 05:42

3 Answers

29

A version which works with Python 3:

```python
from OpenSSL import crypto

def cert_gen(
    emailAddress="emailAddress",
    commonName="commonName",
    countryName="NT",
    localityName="localityName",
    stateOrProvinceName="stateOrProvinceName",
    organizationName="organizationName",
    organizationUnitName="organizationUnitName",
    serialNumber=0,
    validityStartInSeconds=0,
    validityEndInSeconds=10*365*24*60*60,
    KEY_FILE="private.key",
    CERT_FILE="selfsigned.crt"):
    # The generated file can be inspected with openssl:
    #   openssl x509 -inform pem -in selfsigned.crt -noout -text
    # create a key pair
    k = crypto.PKey()
    k.generate_key(crypto.TYPE_RSA, 4096)
    # create a self-signed cert
    cert = crypto.X509()
    cert.get_subject().C = countryName
    cert.get_subject().ST = stateOrProvinceName
    cert.get_subject().L = localityName
    cert.get_subject().O = organizationName
    cert.get_subject().OU = organizationUnitName
    cert.get_subject().CN = commonName
    cert.get_subject().emailAddress = emailAddress
    cert.set_serial_number(serialNumber)
    # validity window, in seconds relative to now
    cert.gmtime_adj_notBefore(validityStartInSeconds)
    cert.gmtime_adj_notAfter(validityEndInSeconds)
    # self-signed: issuer is the subject, and the cert is signed with its own key
    cert.set_issuer(cert.get_subject())
    cert.set_pubkey(k)
    cert.sign(k, 'sha512')
    # dump_* return bytes on Python 3, so decode before writing in text mode
    with open(CERT_FILE, "wt") as f:
        f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode("utf-8"))
    with open(KEY_FILE, "wt") as f:
        f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode("utf-8"))

cert_gen()
```
acapola
  • 3
    As someone getting this working for the first time, I also had to run `pip install pyOpenSSL` to ensure that I had an `OpenSSL` module to import. Thought I would add this as the pip module name required actually differed to the one you need to reference in the code – Max Carroll Jul 28 '20 at 12:38
  • Works also fine with eval/exec in #maXbox4 at runtime eg.Execstring(DEF_CERTS); println('create selfsignedcert:: ') eg.Execstr('cert_gen()'); – Max Kleiner Aug 28 '22 at 15:02
14

Just remove `<wbr>`. So stupid I am.

changzhi
7

This is a really useful question, as the referenced link is now dead and this is one of the first results when searching for "python create ssl certificate".

I would add to it, though, that `open(xxx, "wt").write()` is asking for problems later. By not explicitly closing the file, you may find that the garbage collector hasn't run when you try to actually use the file, resulting in a failure.

It's better to use:

```python
with open(xxx, "w") as f:
    f.write()
```

which will ensure that the file is closed when you're done.

UKMonkey
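
Added example (not part of any answer above): one way to write the PEM output of `crypto.dump_certificate` / `crypto.dump_privatekey` with a context manager, as the last answer recommends, while also creating the private key file with owner-only permissions and refusing to overwrite an existing key. `write_pem`, `demo` and the sample PEM values are hypothetical names and constructed placeholder data; POSIX file modes are assumed.

```python
import os
import tempfile

# Constructed placeholders, not real key material; in the page's code these
# would be the bytes returned by crypto.dump_privatekey / dump_certificate.
SAMPLE_KEY_PEM = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
SAMPLE_CERT_PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"


def write_pem(path, pem, private=False):
    """Write PEM data (hypothetical helper) and close the file deterministically.

    Private keys are created with mode 0600 and O_EXCL, so the key is never
    world-readable and an existing key file is never silently replaced.
    """
    if isinstance(pem, str):          # accept already-decoded PEM text too
        pem = pem.encode("ascii")
    if private:
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
        mode = 0o600
    else:
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
        mode = 0o644
    fd = os.open(path, flags, mode)
    with os.fdopen(fd, "wb") as f:    # binary mode: no .decode() needed
        f.write(pem)
    return os.stat(path).st_mode & 0o777


def demo():
    with tempfile.TemporaryDirectory() as d:
        key_path = os.path.join(d, "private.key")
        crt_path = os.path.join(d, "selfsigned.crt")
        key_mode = write_pem(key_path, SAMPLE_KEY_PEM, private=True)
        write_pem(crt_path, SAMPLE_CERT_PEM)
        try:
            write_pem(key_path, SAMPLE_KEY_PEM, private=True)
            overwritten = True
        except FileExistsError:
            overwritten = False
        with open(key_path, "rb") as f:
            round_trip = f.read() == SAMPLE_KEY_PEM
    return key_mode, overwritten, round_trip


if __name__ == "__main__":
    print(demo())
```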