Certipie: a little companion for your certificate operations
Create a certificate signing request in a flash.
In this short article, I’m gonna present you my last open source project certipie. For the context, I currently work in a company selling TLS certificates to customers, and an issue that often comes is a way to help clients create a certificate signing request which is a message we sent to a certificate authority to get a TLS certificate. If you are not familiar with these terms, I recommend this tutorial explaining how https works in the background.
How HTTPS works
Have you ever wondered why a green lock icon appears on your browser URL bar? And why is it important? We did too, and…
Aware of this issue, I decide to work on it using my favorite programming language: python!
The minimal python version supported is python3.9. You can install the project using pip:
$ pip install certipie
There are three ways to used certipie that we will see below.
The command line interface
Certipie comes with a neat command line interface (cli) cert. In fact, if you just want to use the command line, you can use pipx to install it.
$ pipx install certipie
The cert cli is simple to use with good documentation.
Usage: cert [OPTIONS] COMMAND [ARGS]...
A cli to generate certificate signing request and self-signed certificate
that can be used for testing purpose.
--version Show the version and exit.
-h, --help Show this message and exit.
auto-cert Creates a self-signed certificate useful for tests.
csr Creates a certificate signing request file given...
install-completion Install completion script for bash, zsh and fish...
rsa Creates a pair of private/public keys using the RSA...
server Serves a swagger UI where you can perform the same...
The first command you will want to use is install-completion which allows you to have commands and options completion for bash, fish and zsh (I feel your pain Windows users, I’m still trying how to add this feature on Windows).
$ cert install-completion
After that, you can create a certificate signing request using the csr command.
$ cert csr -f csr.pem
The certificate signing request has been successfully created in /home/kevin/...
- To help us create a certificate signing request, the command prompts various necessary information that the certificate authority needs.
- The name information represents the main domain name you want to submit in your request.
- If you want to cover many domain names, use the option alt-names with a list of domains separated by commas.
- Don’t hesitate to read the command documentation with -h option or read the project documentation for more information.
You also have a command auto-cert which allows you to create a self-signed certificate. This is a common need when we want to test a network server.
$ cert auto-cert -f cert.pem --validity=360
The self-signed certificate has been successfully created in /home/kevin/...
The REST API
The cert cli has a server command which displays a Swagger UI. This way non-technical users can leverage certipie.
$ cert server
By default the server will run http://localhost:8000 but you can change the port if you want.
If you think that the documentation should be served on another url or some description should be changed, you can customize the api. Under the hood it is the FastAPI web framework which is used and you can leverage the router feature to change how to display the Swagger UI.
The last way to use certipie is to use the functions it includes. These are the same functions used by the rest api or command line interface. Here is a snippet to create a certificate signing request.
This is all for this tutorial. If you want to know more about the project, look at the official documentation.
If you like my article and want to continue learning with me, don’t hesitate to follow me here and subscribe to my newsletter 😉