Usage
Issuing certificate
To issue a new certificate, use an existing instance of the CertificateAuthority class and call its issue_certificate() method.
Code example:
>>> from ownca import CertificateAuthority
>>> ca_corp = CertificateAuthority(ca_storage='/opt/corp_CA', common_name='Corp CA')
>>> example_com = ca_corp.issue_certificate("www.example.com", dns_names=["www.example.com", "w3.example.com"], oids={"country_name": "BR", "locality_name": "Uba"})
Available methods
The Certificate Authority has built in methods such as
See HostCertificate for more details.
Checking the certificate
>>> example_com.cert
<Certificate(subject=<Name(C=BR,L=Uba,CN=www.example.com)>, ...)>
Loading host/client certificate
As with the CA, if the certificate already exists, it is loaded and not overwritten.
Example:
>>> load_cert = ca_corp.load_certificate("www.example.com")
>>> load_cert.cert == example_com.cert
True
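The repr and the equality check above do not show whether the certificate carries the requested DNS names or was really signed by the CA. The following is an added example, not part of the ownca documentation: it checks any cryptography x509 certificate object, such as the one returned by `.cert`, against a CA certificate. The names check_certificate, _build and make_sample are hypothetical, the sample certificates are constructed with the cryptography library directly so the block runs without a CA storage directory, and an RSA CA key is assumed.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

def check_certificate(cert, ca_cert, expected_dns):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if cert.issuer != ca_cert.subject:
        problems.append("issuer does not match the CA subject")
    try:  # assumption: RSA CA key with PKCS#1 v1.5 signatures
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    padding.PKCS1v15(), cert.signature_hash_algorithm)
    except InvalidSignature:
        problems.append("signature was not made by the CA key")
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
        names = set(san.value.get_values_for_type(x509.DNSName))
    except x509.ExtensionNotFound:
        names = set()
    if names != set(expected_dns):
        problems.append("SAN mismatch: %s" % sorted(names))
    return problems

def _build(subject, issuer, public_key, signing_key, dns_names=()):
    # Constructed stand-in certificate; with ownca the object comes from `.cert`.
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer)
               .public_key(public_key).serial_number(x509.random_serial_number())
               .not_valid_before(now - datetime.timedelta(minutes=1))
               .not_valid_after(now + datetime.timedelta(days=30)))
    if dns_names:
        san = x509.SubjectAlternativeName([x509.DNSName(n) for n in dns_names])
        builder = builder.add_extension(san, critical=False)
    return builder.sign(signing_key, hashes.SHA256())

def make_sample():
    """Constructed sample: a CA, a leaf it signed, and a look-alike signed by another key."""
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    leaf_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Corp CA")])
    leaf_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "www.example.com")])
    dns = ["www.example.com", "w3.example.com"]
    ca_cert = _build(ca_name, ca_name, ca_key.public_key(), ca_key)
    leaf = _build(leaf_name, ca_name, leaf_key.public_key(), ca_key, dns)
    rogue = _build(leaf_name, ca_name, leaf_key.public_key(), leaf_key, dns[:1])
    return ca_cert, leaf, rogue
```

A certificate that names the CA as issuer but fails the signature check was not produced by that CA, whatever its subject says.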
The motivation
ownca was created in 2017 as a group of scripts to manage certificates. In 2018 it was turned into a very simple library (mostly hardcoded actions), and in 2019 it was decided to open it up as a library that could help others.
Basically, OwnCA uses the powerful library http://cryptography.io.