Hi Kevin, The short version is, despite what the OpenSSL CLI would have you think, "signing a CSR" isn't a thing. When a CA receives a CSR, it copies some of the elements (most importantly the public key) from the CSR into a new cert. https://cryptography.io/en/latest/x509/tutorial/#creating-a-self-signed-certificate gives an example of how to go about creating a certificate (you'll need to modify it a bit to sign with a CA instead of being self-signed). Figuring out what data from the CSR you want to include in the cert is your decision.
Alex On Thu, Apr 11, 2019 at 4:22 PM Kevin Hughes <kevinhughe...@gmail.com> wrote: > Hey Cryptography Devs, > > I am trying to figure how to use pyca/cryptography to sign a CSR with my > own CA and I can't quite see how I am supposed to do this using the > library. I have finished and understood the tutorial for creating a CSR > https://cryptography.io/en/latest/x509/tutorial/#creating-a-certificate-signing-request-csr > > I've previously worked through how to do this with raw openssl commands: > > openssl x509 \ > -req \ > -in "csr.pem" \ > -CA myCA.pem \ > -CAkey myCA.key \ > -passin "pass:$ca_password" \ > -CAcreateserial \ > -out "crt.pem" \ > -days 1825 \ > -sha256 \ > -extfile "extfile.txt" > > I appreciate the help and look forward to using this library > > - Kevin > > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev@python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > -- All that is necessary for evil to succeed is for good people to do nothing.
_______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
