A utility library to create certificate signing requests and self-signed certificates.
There are three main reasons why I decided to do this:
Notes:
The minimum Python version supported is 3.9. You can install the library using pip with the following command:
$ pip install certipie
You can also use an alternative package manager like poetry:
$ poetry add certipie
There are three ways to use certipie.
This is probably the main way to use it. The project includes a convenient cert command line interface.
$ cert
Usage: cert [OPTIONS] COMMAND [ARGS]...
  A cli to generate certificate signing request and self-signed certificate
  that can be used for testing purpose.
Options:
  --version   Show the version and exit.
  -h, --help  Show this message and exit.
Commands:
  auto-cert           Creates a self-signed certificate useful for tests.
  csr                 Creates a certificate signing request file given...
  install-completion  Install completion script for bash, zsh and fish...
  rsa                 Creates a pair of private/public keys using the RSA...
  server              Serves a swagger UI where you can perform the same...
The first command you will want to use is install-completion which, as the name says, enables completion of options and commands. The shells currently supported are bash, fish and zsh.
$ cert install-completion
To create a certificate signing request or a self-signed certificate, you need a private key. The cert command allows you to create an RSA private key, which is one of the most common (if not the most common) private keys used for this type of operation.
$ cert rsa
Enter the passphrase [passphrase]:
Repeat for confirmation:
The pair of keys was successfully in ...
Note: On all commands, you can use the -h option to get their usage documentation.
This command helps you create a certificate signing request.
$ cert csr -f csr.pem
Organization: orga
State: Ile-de-France
Country: FR
City: Paris
Name: site.com
The certificate signing request has been successfully created in /home/kevin/...
Notes:
- If you do not provide a private key, the csr command creates an RSA one with no password in the same directory where the certificate signing request is created. If you want to provide one, use the -k option and give the path to the private key, e.g. cert csr -k /path/to/private/key. It is not mandatory that the private key is of type RSA. In fact other algorithms are supported, like DSA or elliptic curve. For a full list of supported algorithms, look at the PrivateKey type in module certipie.types.
- Enter to continue.
- The --country option must be a two-letter value. To know the two-letter code of a country, you can check this website.
- The --name option value is used as the domain name to submit for the certificate signing request. In the previous example, it will be site.com. Wildcards like *.site.com are supported.
- In addition to the --name value, you can use the --alt-names option like the following: cert csr --alt-names=site.com,foo.site.com. The values must be separated by commas.
This command helps you create a self-signed certificate, useful when you want to test a network server like an HTTP server.
$ cert auto-cert -f cert.pem --validity=360
Organization: orga
State: Ile-de-France
Country: FR
City: Paris
The self-signed certificate has been successfully created in /home/kevin/...
Notes:
- The notes for the csr command also apply here.
- localhost is the default value of the --name option.
- --alt-names also accepts IP addresses and networks. You can have a value like the following: cert auto-cert --alt-names=localhost,192.168.1.0/24.
- The --validity option represents the number of days the certificate will be valid. If not provided, it is 365.
This command runs a server which serves a Swagger UI where you can perform the commands explained above. This is handy if you want non-technical staff to be able to use the command line features.
$ cert server
If you open a browser on http://localhost:8000 you will see the swagger documentation.
Under the hood the server used is hypercorn. You can configure it by passing a TOML configuration file. To know all the settings available, refer to the official documentation.
$ cert server -c /path/to/toml/file
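Coming back to the --alt-names and --country options of the csr and auto-cert commands: the following added example (not part of certipie, and not how certipie parses its options) reviews a comma-separated --alt-names value before a certificate is generated, so that wildcards and whole networks are noticed before they end up in a certificate. The function names and the sample string are constructed for this illustration.

```python
import ipaddress


def classify_alt_name(entry):
    """Return (kind, note) for one --alt-names entry."""
    if '/' in entry:
        try:
            # Strict parsing: host bits must be zero, as in 192.168.1.0/24.
            net = ipaddress.ip_network(entry)
        except ValueError:
            return 'invalid', 'not a valid network (check host bits and prefix)'
        return 'network', f'covers {net.num_addresses} addresses'
    try:
        ipaddress.ip_address(entry)
        return 'ip', None
    except ValueError:
        pass
    if entry.replace('.', '').isdigit():
        return 'invalid', 'looks like an IP address but does not parse'
    if entry.startswith('*.'):
        return 'wildcard', f'matches any single label under {entry[2:]}'
    return 'dns', None


def review_alt_names(value):
    """Classify every entry of a comma-separated --alt-names value."""
    entries = (part.strip() for part in value.split(','))
    return [(e, *classify_alt_name(e)) for e in entries if e]


def is_two_letter_country(code):
    """The page states that --country must be a two-letter value."""
    return len(code) == 2 and code.isascii() and code.isalpha()


if __name__ == '__main__':
    # Constructed sample: values shown on the page plus two malformed ones.
    sample = 'localhost,*.site.com,192.168.1.0/24,192.168.1.5/24,10.0.0.300'
    for entry, kind, note in review_alt_names(sample):
        print(f'{entry:18} {kind:9} {note or ""}')
    print('FR ->', is_two_letter_country('FR'))
```

A network entry is worth a second look in review: 192.168.1.0/24 names 256 addresses in a single alternative name.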
Following the previous section about serving a Swagger UI, if it does not suit your organization well, you can adjust it. The API is created using the FastAPI web framework. For example, if you want to integrate it into your own FastAPI application, you can use the router provided by certipie.
This way you can adjust the URL used for the certificate routes (for example /certificate instead of /certs), change the documentation URL, add some authentication to the routes, etc.
The router concept is a powerful feature of FastAPI.
from fastapi import FastAPI
from certipie import router

app = FastAPI(
    title='certificate api',
    description='Your description',
    redoc_url=None,
    docs_url='/documentation'
)
app.include_router(router, prefix='/certificate', tags=['certificate'])
Transform the api to suit your needs :)
The last way to leverage certipie is to interact programmatically with its API. The following functions are exposed:
- create_private_key: Creates an RSA private key.
- get_public_key_from_private_key: Extracts a public key from a private key.
- create_csr: Creates a certificate signing request.
- create_auto_cert: Creates a self-signed certificate.
Normally the API usage should be straightforward. The behaviour is the same as the command line. You can also look at the tests if you are blocked.
Here is a snippet on how to create a certificate signing request using create_csr:
from certipie import create_csr

create_csr(
    'csr.pem',
    'FR',
    'Ile-de-France',
    'Paris',
    'organization',
    'site.com',
    alternative_names=['site.com', 'foo.site.com'],
    private_key='key.pem',
    passphrase='passphrase'
)
There are two other objects exported:
- app: The FastAPI application used when running the cert server command. It is exposed so that you can mount it in another application if you want.
- PrivateKey: The type annotation for all the private keys supported by the cryptography library.