7

I am trying to generate self signed SSL certificates using Python, so that it is platform independent. My target is the *.pem format.

I found this script that generates certificates, but no information how to self-sign them.

Niklas
  • 3,753
  • 4
  • 21
  • 29
  • related: http://stackoverflow.com/questions/256405/programmatically-create-x509-certificate-using-openssl – jfs Sep 09 '11 at 13:33

2 Answers2

8

The script you've linked doesn't create self-signed certificate; it only creates a request.

To create self-signed certificate you could use openssl it is available on all major OSes.

$ openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

If you'd like to do it using M2Crypto then take a look at X509TestCase.test_mkcert() method.

jfs
  • 399,953
  • 195
  • 994
  • 1,670
  • Yay, a unit test that does it. Thank you, I'll look into that. As for openssl I am not sure how I can call that from python, making sure that it's available. – Niklas Sep 09 '11 at 21:37
  • I'm trying to do something similar - but trying to avoid writing files as much as possible - I'd rather store the data in a database. – Esa Dec 14 '11 at 08:36
  • 1
    The OP asked for platform independence: `so that it is platform independent` You can't expect everyone to have openssl installed on their machines. – Martin Apr 12 '18 at 19:27
0

You could use the openssl method that J.F. Sebastian stated from within Python.

Import the OS lib and call the command like this:

os.system("openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095")

If it requires user interaction, it might work if you run it via subprocess pipe and allow for raw input to answer any prompts.

rolve
  • 10,083
  • 4
  • 55
  • 75
Turing
  • 9
  • 1
  • The OP asked for platform independence: `so that it is platform independent` You can't expect everyone to have openssl installed on their machines. – Martin Apr 12 '18 at 19:27