AutoPKI.py~

#!/usr/bin/env python

from datetime import datetime, timedelta

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.hashes import SHA256
from cryptography.x509 import (BasicConstraints, CertificateBuilder, Name,
                               NameAttribute, SubjectAlternativeName,
                               random_serial_number)
from cryptography.x509.oid import NameOID

# Generate Root Key
root_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
root_key_pem = root_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption(),
)
with open("rootCA.key", "wb") as key_file:
    key_file.write(root_key_pem)

# Generate Root Certificate
subject = issuer = Name([
    NameAttribute(NameOID.COUNTRY_NAME, "US"),
    NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "New York"),
    NameAttribute(NameOID.LOCALITY_NAME, "Wonderville"),
    NameAttribute(NameOID.ORGANIZATION_NAME, "Wonderville Town Hall"),
    NameAttribute(NameOID.COMMON_NAME, "LocalRootCA"),
])
root_cert = (
    CertificateBuilder()
    .subject_name(subject)
    .issuer_name(issuer)
    .public_key(root_key.public_key())
    .serial_number(random_serial_number())
    .not_valid_before(datetime.utcnow())
    .not_valid_after(datetime.utcnow() + timedelta(days=365))
    .add_extension(BasicConstraints(ca=True, path_length=None), critical=True)
    .build(SHA256())
)
with open("rootCA.pem", "wb") as cert_file:
    cert_file.write(root_cert.public_bytes(serialization.Encoding.PEM))