lauri
/
certidude
mirror of https://github.com/laurivosandi/certidude
1
0
Fork 0
Code Issues Activity

cli: Generate openssl.cnf snippet as file instead of writing it to terminal

This commit is contained in:
Priit Laes 2015-08-27 09:19:26 +00:00
parent f7183fd1ab
commit da2002538e
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
certidude/cli.py
View File

@ -579,9 +579,13 @@ def certidude_setup_authority(parent, country, state, locality, organization, or
with open(ca_key, "wb") as fh:
fh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
click.echo("Insert following to /etc/ssl/openssl.cnf:")
with open(os.path.join(directory, "openssl.cnf.example"), "w") as fh:
fh.write(env.get_template("openssl.cnf").render(locals()))
click.echo("You need to copy the contents of the 'openssl.cnf.example'")
click.echo("to system-wide OpenSSL configuration file, usually located")
click.echo("at /etc/ssl/openssl.cnf")
click.echo()
click.secho(env.get_template("openssl.cnf").render(locals()), fg="blue")
click.echo()
click.echo("Use following commands to inspect the newly created files:")

4
certidude/templates/openssl.cnf
View File

@ -1,3 +1,6 @@
# You have to copy the settings to the system-wide
# OpenSSL configuration (usually /etc/ssl/openssl.cnf
[CA_{{slug}}]
default_crl_days = {{revocation_list_lifetime}}
default_days = {{certificate_lifetime}}
@ -38,3 +41,4 @@ emailAddress = optional
basicConstraints = CA:FALSE
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth