{ "info": { "author": "Magnus Watn", "author_email": "", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "Intended Audience :: System Administrators", "License :: OSI Approved :: MIT License", "Operating System :: POSIX :: Linux", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Topic :: Internet :: WWW/HTTP", "Topic :: Security", "Topic :: Software Development :: Libraries", "Topic :: System :: Systems Administration" ], "description": "pkcs7csr\n========\n\n.. image:: https://travis-ci.org/magnuswatn/pkcs7csr.svg?branch=master\n :target: https://travis-ci.org/magnuswatn/pkcs7csr\n\n.. image:: https://codecov.io/gh/magnuswatn/pkcs7csr/branch/master/graph/badge.svg\n :target: https://codecov.io/gh/magnuswatn/pkcs7csr\n\n.. image:: https://badge.fury.io/py/pkcs7csr.svg\n :target: https://badge.fury.io/py/pkcs7csr\n\nPython module for creating Microsoft style \"PKCS #7 renewal request\" for use with Active Directory Certificate Services.\n\nThis allows non-IIS web servers to automatically renew their certificates from an ADCS server.\n\nAbout PKCS #7 renewal requests\n------------------------------\n\nThe point of a PKCS#7 renewal request is that you prove that you possess an existing valid certificate, and therefore is authorized to get a new one with the same subject.\n\nThey consist of a normal PKCS #10 CSR with a special RENEWAL_CERTIFICATE extension containing the original certificate. This in then placed in a PKCS #7 structure and signed with the private key beloinging to the original certificate, and thus proving you are the rightful owner of the original certificate. You are then allowed a certificate with the same subject (and extensions) as the original.\n\nADCS configuration\n------------------\nFor this to work smoothly your template should have the option to require \"CA certificate manager approval\" enabled, but allow reenrollment with \"valid existing certificate\". The service account used for reenrollment must have permission to enroll.\n\nThe first certificate then needs to be approved by a CA manager, but renewals can go automatically. It is obviously important to verify the first certificate thorough as it can be used, in practice, forever. Also, it is important to revoke all unexpired certificate if the relevant key is ever compromised.\n\n\nInstallation\n------------\n\n.. code-block:: bash\n\n $ pipenv install pkcs7csr\n\n\n\nExample usage\n-------------\n\nRenew a certificate, using pkcs7csr and `certsrv `_:\n\n.. code-block:: python\n\n import pkcs7csr\n from certsrv import Certsrv\n from cryptography import x509\n from cryptography.hazmat.backends import default_backend\n from cryptography.hazmat.primitives import serialization\n\n # Read the certificate and key from file\n with open('/etc/pki/tls/certs/my_adcs_cert.pem', 'r') as open_file:\n cert = x509.load_pem_x509_certificate(open_file.read(), default_backend())\n\n with open('/etc/pki/tls/private/my_adcs_key.pem', 'r') as open_file:\n key = serialization.load_pem_private_key(\n open_file.read(),\n password=None,\n backend=default_backend()\n )\n\n # Create an PKCS #7 renewal request\n csr = pkcs7csr.create_pkcs7csr(cert, key)\n\n # Submit to the CA server using certsrv\n certsrv = Certsrv('my-adcs-server.example.net', 'myUser', 'myPassword')\n pem_cert = certsrv.get_cert(csr, 'myTemplate')\n\n # Write the new cert to the file\n with open('/etc/pki/tls/certs/my_adcs_cert.pem', 'w') as open_file:\n open_file.write(pem_cert)\n\n # Reload apache or whatever here", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/magnuswatn/pkcs7csr", "keywords": "ad adcs certsrv pki certificate csr iis renewal", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "pkcs7csr", "package_url": "https://pypi.org/project/pkcs7csr/", "platform": "", "project_url": "https://pypi.org/project/pkcs7csr/", "project_urls": { "Homepage": "https://github.com/magnuswatn/pkcs7csr" }, "release_url": "https://pypi.org/project/pkcs7csr/1.0.2/", "requires_dist": null, "requires_python": "", "summary": "A Python module for creating Microsoft style \"PKCS #7 renewal requests\"", "version": "1.0.2" }, "last_serial": 4215122, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "43fe4fd64ab0ffac11a7e0982fc9a8d0", "sha256": "80ca082e75c247cff805ff4f293e779976b370c43b4f9f075622903b056269bc" }, "downloads": -1, "filename": "pkcs7csr-1.0.0.tar.gz", "has_sig": false, "md5_digest": "43fe4fd64ab0ffac11a7e0982fc9a8d0", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3290, "upload_time": "2017-04-16T11:05:08", "url": "https://files.pythonhosted.org/packages/a9/ab/413fa922ce6992a1285726366d5977031bf7dffad28a3e5660ebfa8ddda5/pkcs7csr-1.0.0.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "be5d5fd4aa0a606867250c665b09ef14", "sha256": "38c76468ea9f30cb23661a1d2b41c49b116f6fcc3f3595db6716b7d6a64c0cc1" }, "downloads": -1, "filename": "pkcs7csr-1.0.1.tar.gz", "has_sig": false, "md5_digest": "be5d5fd4aa0a606867250c665b09ef14", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4899, "upload_time": "2018-03-27T09:47:33", "url": "https://files.pythonhosted.org/packages/f3/6c/c2d90893191a9711dcd5dda90f5fe0b19b4019ec23905c24a9cdfb7d1e58/pkcs7csr-1.0.1.tar.gz" } ], "1.0.2": [ { "comment_text": "", "digests": { "md5": "4e0d25dcc17a03c1eb495a906560f2a5", "sha256": "e03aa26733b98a712dae70bbde743cc07853e3cd5f08550bb12c3d360283332f" }, "downloads": -1, "filename": "pkcs7csr-1.0.2.tar.gz", "has_sig": false, "md5_digest": "4e0d25dcc17a03c1eb495a906560f2a5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4924, "upload_time": "2018-08-28T14:36:53", "url": "https://files.pythonhosted.org/packages/29/f4/7d382924684685de9a7c8afa799174254d1893e0a419034cdd1daf990600/pkcs7csr-1.0.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "4e0d25dcc17a03c1eb495a906560f2a5", "sha256": "e03aa26733b98a712dae70bbde743cc07853e3cd5f08550bb12c3d360283332f" }, "downloads": -1, "filename": "pkcs7csr-1.0.2.tar.gz", "has_sig": false, "md5_digest": "4e0d25dcc17a03c1eb495a906560f2a5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4924, "upload_time": "2018-08-28T14:36:53", "url": "https://files.pythonhosted.org/packages/29/f4/7d382924684685de9a7c8afa799174254d1893e0a419034cdd1daf990600/pkcs7csr-1.0.2.tar.gz" } ] }