This project was made for university. The aim is to explore how we can generate X.509 certificates, extend them, revoke them and create certificate chains.
- Install the requirements from the requirements.txt file using pip.
$ pip install -r requirements.txt
- Run the program.
$ python3 ./src/main.py
This takes the following parameters from user input:
Parameter | Type |
---|---|
common_name | str |
organization_name | str |
country_name | str |
private_key_path | str |
certificate_path | str |
validity_period | int |
This will take a certificates_data.json configuration file path from user input. A good example of a file like this can be found here
Parameter | Type |
---|---|
json_configuration_file_path | str |
Takes the path to a certificate that you want to read the data from.
Parameter | Type |
---|---|
certificate_path | str |
Takes the path to the old certificate, the new validity period and the destination of the extended certificate.
Parameter | Type |
---|---|
private_key_path | str |
certificate_path | str |
extended_certificate_path | str |
validity_period | int |
The revoke_certificate function revokes a given certificate by performing the following steps:
- Load the certificate and private key.
- Check if a Certificate Revocation List (CRL) file exists. If not, create a new one.
- Set the CRL's last update and next update times to match the certificate's validity period.
- Add the revoked certificate to the CRL with the specified revocation date.
- Sign the CRL using the private key and the SHA256 hashing algorithm.
- Serialize and save the updated CRL to a file.
- Save the revoked certificate separately.
Parameter | Type |
---|---|
private_key_path | str |
certificate_path | str |
crl_path | str |
revoked_cert_path | str |
revocation_date | datetime.datetime |
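The revoke_certificate steps listed above, as an added sketch that is not the project's own code. It assumes the `cryptography` package; `revoke`, `is_revoked` and `make_sample_cert` are hypothetical names, the sample certificate is constructed, and the caller passes in the issuer key and the update times. It also carries entries from an existing CRL over into the re-issued one and verifies the CRL signature before trusting a lookup.

```python
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.x509.oid import NameOID


def revoke(cert, issuer_key, revocation_date, last_update, next_update, old_crl_pem=None):
    """Return a PEM CRL that lists cert and keeps every entry of old_crl_pem."""
    builder = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(cert.issuer)
        .last_update(last_update)
        .next_update(next_update)
    )
    seen = set()
    if old_crl_pem is not None:
        # A CRL is re-issued whole: entries that are not copied stop being revoked.
        for entry in x509.load_pem_x509_crl(old_crl_pem):
            builder = builder.add_revoked_certificate(entry)
            seen.add(entry.serial_number)
    if cert.serial_number not in seen:  # do not list the same serial twice
        entry = (
            x509.RevokedCertificateBuilder()
            .serial_number(cert.serial_number)
            .revocation_date(revocation_date)
            .build()
        )
        builder = builder.add_revoked_certificate(entry)
    crl = builder.sign(issuer_key, hashes.SHA256())
    return crl.public_bytes(serialization.Encoding.PEM)


def is_revoked(cert, crl_pem, issuer_public_key):
    """Verify the CRL signature first, then look the serial number up."""
    crl = x509.load_pem_x509_crl(crl_pem)
    if not crl.is_signature_valid(issuer_public_key):
        raise ValueError("CRL signature does not verify")
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None


def make_sample_cert(key, start, end):
    """Constructed self-signed sample certificate so the example runs offline."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])
    return (
        x509.CertificateBuilder().subject_name(name).issuer_name(name)
        .public_key(key.public_key()).serial_number(x509.random_serial_number())
        .not_valid_before(start).not_valid_after(end)
        .sign(key, hashes.SHA256())
    )
```

A relying party that caches a CRL until its next update time will not see later revocations before then, so the window chosen in the third step bounds how stale a cached list can be.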