Foundations of Python Network Programming

Chapter 6 ■ TLS/SSL

97

$ openssl req -new -key www.key -config www.cnf -out www.csr


Consult the Makefile if you want to see the steps by which a private CA is created by the openssl tool and how
it signs a CSR to produce a www.crt file corresponding to the request generated earlier. When dealing instead with
a public certificate authority, you might receive your www.crt in an e-mail (before you panic, remember that the
certificate is supposed to be public!) or perhaps download the signed certificate from your account on the authority’s
web site when it is ready. In any case, the final step to making your certificate easy to use with Python is to combine
the certificate and secret key into a single file for convenience. If the files are in the standard PEM format produced by
the previous commands, then combining them is as simple as running the Unix “concatenate” command.


$ cat www.crt www.key > www.pem


The resulting file should contain a textual summary of the certificate contents, then the certificate itself, and finally
the private key. Be careful with this file! If either www.key or this PEM file www.pem containing the private key were
leaked or became available to a third party, then that third party would be able to impersonate your service for all of
the months or years until the key expires. The three sections of the file should look something like Listing 6-2. (Note
the ellipses—we are abbreviating the file, which would actually take two or three book pages!)


Listing 6-2. A Certificate and Private Key Bundled into a Single PEM File


Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 3 (0x3)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=us, ST=New York, L=New York, O=Example CA from Apress Media LLC,
            OU=Foundations of Python Network Programming 3rd Ed,
            CN=ca/[email protected]
        Validity
            Not Before: Mar 8 16:58:12 2014 GMT
            Not After : Feb 12 16:58:12 2114 GMT
        Subject: C=us, ST=New York, O=Example from Apress Media LLC,
            OU=Foundations of Python Network Programming 3rd Ed,
            CN=www.example.com/[email protected]
        ...
-----BEGIN CERTIFICATE-----
MIIE+zCCA2MCAQMwDQYJKoZIhvcNAQEFBQAwgcUxCzAJBgNVBAYTAnVzMREwDwYD
VQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxKTAnBgNVBAoTIEV4YW1w
I7Ahb1Dobi7EoK9tXFMrXutOTQkoFe ... pT7/ivFnx+ZaxE0mcR8qyzyQqWTDQ
SBH14aSHQPSodSHC1AAAfB3B+CHII1TkAXUudh67swE2qvR/mFbFtHwuSVEbSHZ+
2ukF5Z8mSgkNlr6QnikCDIYbBWDOSiTzmX/zPorqlw==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIG5QIBAAKCAYEA3rM3H+kGaWhbbfqyKzoePLIiYBOLw3W+wuKigsU1qDPFJBKk
JF4UqCo6OfZuJLpAHAIPwb/0ihA2hXK8/I9Rd75t3leiYER6Oefg9TRGuxloD0om
8ZFW8k3p4RA7uDBMjHF3tZqIGpHpY6 ... f8QJ7ZsdXLRsVmHM+95T1Sy6QgmW2
Worz0PhhWVzGT7MgSduY0c8efArdZC5aVo24Gvd3i+di2pRQa0g9rSL7VJrm4BdB
NmdPSZN/rGhvwbWbPVQ5ofhFOMod1qgAp626ladmlublPtFt9sRJESU=
-----END RSA PRIVATE KEY-----
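The bundle produced by the cat command above has a predictable shape: optional text summary, one or more CERTIFICATE blocks, and exactly one private key block, and because that file now holds the private key it must not be readable by anyone but its owner. The following checker is an added example written for this page, not code from the book or its Makefile; it walks the PEM blocks of a bundle, verifies that the file holds a certificate and exactly one key, and on a POSIX filesystem flags a bundle whose permission bits let group or other users read it. The PEM bodies it feeds itself are constructed placeholders (base64 of a short sentence), not real key material, and the file names and function names are this example's own.

```python
import base64
import binascii
import os
import re
import stat
import tempfile
from dataclasses import dataclass, field
from typing import List, Tuple

# One PEM block; the label after BEGIN must be repeated after END.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)
PRIVATE_KEY_LABELS = {
    "RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY",
}


@dataclass
class BundleReport:
    certificates: int = 0
    private_keys: int = 0
    problems: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.problems


def inspect_bundle_text(text: str) -> BundleReport:
    """Walk the PEM blocks in a cert+key bundle and report what it holds."""
    report = BundleReport()
    for label, body in PEM_BLOCK.findall(text):
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            report.problems.append(f"{label} block is not valid base64")
        if label == "CERTIFICATE":
            report.certificates += 1
        elif label in PRIVATE_KEY_LABELS:
            report.private_keys += 1
        else:
            report.problems.append(f"unexpected block type: {label}")
    if report.certificates == 0:
        report.problems.append("no CERTIFICATE block found")
    if report.private_keys != 1:
        report.problems.append(
            f"expected exactly one private key block, found {report.private_keys}")
    return report


def inspect_bundle_file(path: str) -> BundleReport:
    """Inspect the bundle's contents and its POSIX permission bits."""
    with open(path) as f:
        report = inspect_bundle_text(f.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        report.problems.append(
            f"{path} is accessible to group/others (mode {mode:04o}); "
            "a file holding the private key should be mode 0600")
    return report


def _fake_body(what: str) -> str:
    # Constructed placeholder body: real PEM bodies are base64 DER, this is not.
    return base64.b64encode(f"constructed placeholder, not a real {what}".encode()).decode()


# Constructed stand-in for www.pem with the same three sections as Listing 6-2.
SAMPLE_BUNDLE = (
    "Certificate:\n"
    "    Data:\n"
    "        Version: 1 (0x0)\n"
    "        Subject: C=us, ST=New York, CN=www.example.com\n"
    "-----BEGIN CERTIFICATE-----\n" + _fake_body("certificate") + "\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\n" + _fake_body("private key") + "\n"
    "-----END RSA PRIVATE KEY-----\n"
)

# Constructed bundle where the cat step forgot www.key: a certificate alone.
SAMPLE_CERT_ONLY = SAMPLE_BUNDLE.split("-----BEGIN RSA PRIVATE KEY-----")[0]


def demo_permission_check() -> Tuple[bool, bool]:
    """Write the sample bundle, check it at mode 0644, then again at mode 0600."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(SAMPLE_BUNDLE)
        os.chmod(path, 0o644)                 # the careless default
        loose = inspect_bundle_file(path).ok  # False: group/others can read it
        os.chmod(path, 0o600)                 # owner-only
        tight = inspect_bundle_file(path).ok  # True
        return loose, tight
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for name, text in (("bundle", SAMPLE_BUNDLE), ("cert only", SAMPLE_CERT_ONLY)):
        r = inspect_bundle_text(text)
        print(name + ":", "ok" if r.ok else "; ".join(r.problems))
    print("permissions (0644 ok?, 0600 ok?):", demo_permission_check())
```

Pointing `inspect_bundle_file` at a real www.pem is the useful call; the checker does not parse the DER inside the blocks, so a bundle that passes here still has to be loaded by the `ssl` module to prove the certificate and key actually match.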