csrbuilder is a Python library for constructing CSRs - certificate signing requests. It provides a high-level interface with knowledge of RFC 2986 to produce, valid, correct requests without terrible APIs or hunting through RFCs.
Since its only dependencies are the asn1crypto and oscrypto libraries, it is easy to install and use on Windows, OS X, Linux and the BSDs.
The documentation consists of the following topics:
A simple, self-signed certificate can be created by generating a public/private
key pair using oscrypto and then passing a dictionary of name information to
the CSRBuilder() constructor:
from oscrypto import asymmetric
from csrbuilder import CSRBuilder, pem_armor_csr
public_key, private_key = asymmetric.generate_pair('rsa', bit_size=2048)
with open('/path/to/my/env/will_bond.key', 'wb') as f:
f.write(asymmetric.dump_private_key(private_key, 'password'))
builder = CSRBuilder(
{
'country_name': 'US',
'state_or_province_name': 'Massachusetts',
'locality_name': 'Newbury',
'organization_name': 'Codex Non Sufficit LC',
'common_name': 'Will Bond',
},
public_key
)
# Add subjectAltName domains
builder.subject_alt_domains = ['codexns.io', 'codexns.com']
request = builder.build(private_key)
with open('/path/to/my/env/will_bond.csr', 'wb') as f:
f.write(pem_armor_csr(request))All name components must be unicode strings. Common name keys include:
country_namestate_or_province_namelocality_nameorganization_namecommon_name
Less common keys include:
organizational_unit_nameemail_addressstreet_addresspostal_codebusiness_categoryincorporation_localityincorporation_state_or_provinceincorporation_country
See CSRBuilder.subject for a full
list of supported name keys.