Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nbeguier/certificate_easy

Certificate reader and creater via CLI
https://github.com/nbeguier/certificate_easy

certificate cli python x509 x509certificates

Last synced: 9 days ago
JSON representation

Certificate reader and creater via CLI

Host: GitHub
URL: https://github.com/nbeguier/certificate_easy
Owner: nbeguier
License: apache-2.0
Created: 2017-01-31T08:54:46.000Z (almost 8 years ago)
Default Branch: master
Last Pushed: 2023-02-12T17:36:47.000Z (almost 2 years ago)
Last Synced: 2024-08-02T15:07:27.936Z (3 months ago)
Topics: certificate, cli, python, x509, x509certificates
Language: Python
Homepage:
Size: 66.4 KB
Stars: 3
Watchers: 3
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

# Cert Easy

[![Build Status](https://travis-ci.com/nbeguier/certificate_easy.svg?branch=master)](https://travis-ci.com/nbeguier/certificate_easy) [![Python 3.6|3.9](https://img.shields.io/badge/python-3.6|3.9-green.svg)](https://www.python.org/) [![License](https://img.shields.io/github/license/nbeguier/certificate_easy?color=blue)](https://github.com/nbeguier/certificate_easy/blob/master/LICENSE)

Certificate reader and creater via CLI

## Prerequisites

### Debian/Ubuntu

```
apt install python3-pip

pip3 install -r requirements.txt
```

### MacOS

```
brew install python3

pip3 install -r requirements.txt
```

## Usage
```
$ python3 gen_ca.py --help
usage: gen_ca.py [-h] [--version] [--output OUTPUT] [--cn CN] [--validity VALIDITY]

optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
--output OUTPUT, -o OUTPUT
Output directory.
--cn CN Common name.
--validity VALIDITY, -v VALIDITY
Validity.
```

```
$ python3 gen_client.py --help
usage: gen_client.py [-h] [--version] [--output OUTPUT] [--cn CN] [--validity VALIDITY]

```
$ python3 cert_easy.py --help
usage: cert_easy.py [-h] [--version] {display,verify} ...

positional arguments:
{display,verify} commands
display Display certificate.
verify verifiy couple CA, CERTIFICATE

optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit

$ python3 cert_easy.py display --help
usage: cert_easy.py display [-h] [--input INPUT] [--input-fqdn INPUT_FQDN] [--extensions] [--port PORT]

optional arguments:
-h, --help show this help message and exit
--input INPUT, -i INPUT
Certificate path.
--input-fqdn INPUT_FQDN, -u INPUT_FQDN
Certificate FQDN.
--extensions, -e Display extensions and signature.
--port PORT, -p PORT Change HTTPs port.

$ python3 cert_easy.py verify --help
usage: cert_easy.py verify [-h] [--input INPUT] [--ca CA] [--input-fqdn INPUT_FQDN] [--port PORT]

optional arguments:
-h, --help show this help message and exit
--input INPUT, -i INPUT
Certificate path.
--ca CA CA path.
--input-fqdn INPUT_FQDN, -f INPUT_FQDN
Certificate FQDN.
--port PORT, -p PORT Change HTTPs port.
```

## Examples

### Generate own certificate

```bash
# Generate certificate
mkdir ssl_test

# Generating CA
python3 gen_ca.py --output ssl_test/

# Generating Certificate
python3 gen_client.py --output ssl_test/

# Display your certificate
python3 cert_easy.py display --input ssl_test/client.pem

# Verify couple ca
python3 cert_easy.py verify --input ssl_test/client.pem --ca ssl_test/ca.pem
```

### Display server certificate

```bash
# Display server certificate
python3 cert_easy.py display --input-fqdn github.com
```

### Test certificate in a local HTTPS server

```bash
# Start HTTPS Server
python3 simple_https_server.py &

# Should fail (000)
curl -s -o /dev/null -w "%{http_code}\n" https://localhost:8443/

# Sould be a sucess (200)
curl -s -o /dev/null -w "%{http_code}\n" https://localhost:8443/ --cacert ssl_test/ca.pem

# Verify CA
python3 cert_easy.py verify --input-fqdn localhost --port 8443 --ca ssl_test/ca.pem
```

### Verify server certificate

```bash
# Verify certificate with private ca (should fail)
python3 cert_easy.py verify --input-fqdn github.com --ca ssl/ca.pem

# Download github ca
# Extract it in the dump
openssl s_client -showcerts -connect github.com:443