Python cryptography.x509.Name() Examples
The following are 30
code examples of cryptography.x509.Name().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
cryptography.x509
, or try the search function
.
Example #1
Source File: certrequest.py From custodia with GNU General Public License v3.0 | 7 votes |
def build_csr(self, hostname, **kwargs): realm = self.plugin.ipa.env.realm builder = x509.CertificateSigningRequestBuilder() builder = builder.subject_name( x509.Name([ x509.NameAttribute(oid.NameOID.COMMON_NAME, hostname), x509.NameAttribute(oid.NameOID.ORGANIZATION_NAME, realm), ]) ) build = builder.add_extension( x509.BasicConstraints(ca=False, path_length=None), critical=True, ) build = builder.add_extension( x509.ExtendedKeyUsage([TLS_SERVERAUTH]), critical=True ) builder = build.add_extension( x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False ) return builder # pylint: disable=arguments-differ
Example #2
Source File: decode_asn1.py From teleport with Apache License 2.0 | 6 votes |
def _decode_x509_name(backend, x509_name): count = backend._lib.X509_NAME_entry_count(x509_name) attributes = [] prev_set_id = -1 for x in range(count): entry = backend._lib.X509_NAME_get_entry(x509_name, x) attribute = _decode_x509_name_entry(backend, entry) set_id = backend._lib.Cryptography_X509_NAME_ENTRY_set(entry) if set_id != prev_set_id: attributes.append(set([attribute])) else: # is in the same RDN a previous entry attributes[-1].add(attribute) prev_set_id = set_id return x509.Name(x509.RelativeDistinguishedName(rdn) for rdn in attributes)
Example #3
Source File: _certificate_utils.py From sslyze with GNU Affero General Public License v3.0 | 6 votes |
def extract_dns_subject_alternative_names(certificate: x509.Certificate) -> List[str]: """Retrieve all the DNS entries of the Subject Alternative Name extension. """ subj_alt_names: List[str] = [] try: san_ext = certificate.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME) san_ext_value = cast(x509.SubjectAlternativeName, san_ext.value) subj_alt_names = san_ext_value.get_values_for_type(DNSName) except ExtensionNotFound: pass except DuplicateExtension: # Fix for https://github.com/nabla-c0d3/sslyze/issues/420 # Not sure how browsers behave in this case but having a duplicate extension makes the certificate invalid # so we just return no SANs (likely to make hostname validation fail, which is fine) pass return subj_alt_names
Example #4
Source File: model.py From skein with BSD 3-Clause "New" or "Revised" License | 6 votes |
def from_protobuf(cls, obj): resources = Resources.from_protobuf(obj.resources) files = {k: File.from_protobuf(v) for k, v in obj.files.items()} log_level = _proto.Log.Level.Name(obj.log_level) log_config = (File.from_protobuf(obj.log_config) if obj.HasField('log_config') else None) security = (Security.from_protobuf(obj.security) if obj.HasField('security') else None) return cls(resources=resources, files=files, script=obj.script, env=dict(obj.env), log_level=log_level, log_config=log_config, security=security)
Example #5
Source File: model.py From skein with BSD 3-Clause "New" or "Revised" License | 6 votes |
def from_protobuf(cls, obj): state = ApplicationState(_proto.ApplicationState.Type.Name(obj.state)) final_status = FinalStatus(_proto.FinalStatus.Type.Name(obj.final_status)) return cls(id=obj.id, name=obj.name, user=obj.user, queue=obj.queue, tags=obj.tags, host=obj.host, port=obj.port, tracking_url=obj.tracking_url, state=state, final_status=final_status, progress=obj.progress, usage=ResourceUsageReport.from_protobuf(obj.usage), diagnostics=obj.diagnostics, start_time=datetime_from_millis(obj.start_time), finish_time=datetime_from_millis(obj.finish_time))
Example #6
Source File: utils.py From django-ca with GNU General Public License v3.0 | 6 votes |
def format_name(subject): """Convert a subject into the canonical form for distinguished names. This function does not take care of sorting the subject in any meaningful order. Examples:: >>> format_name([('CN', 'example.com'), ]) '/CN=example.com' >>> format_name([('CN', 'example.com'), ('O', "My Organization"), ]) '/CN=example.com/O=My Organization' """ if isinstance(subject, x509.Name): subject = [(OID_NAME_MAPPINGS[s.oid], s.value) for s in subject] return '/%s' % ('/'.join(['%s=%s' % (force_text(k), force_text(v)) for k, v in subject]))
Example #7
Source File: decode_asn1.py From teleport with Apache License 2.0 | 6 votes |
def _decode_x509_name(backend, x509_name): count = backend._lib.X509_NAME_entry_count(x509_name) attributes = [] prev_set_id = -1 for x in range(count): entry = backend._lib.X509_NAME_get_entry(x509_name, x) attribute = _decode_x509_name_entry(backend, entry) set_id = backend._lib.Cryptography_X509_NAME_ENTRY_set(entry) if set_id != prev_set_id: attributes.append({attribute}) else: # is in the same RDN a previous entry attributes[-1].add(attribute) prev_set_id = set_id return x509.Name(x509.RelativeDistinguishedName(rdn) for rdn in attributes)
Example #8
Source File: test_sslverify.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 6 votes |
def test_hostnameIsIndicated(self): """ Specifying the C{hostname} argument to L{CertificateOptions} also sets the U{Server Name Extension <https://en.wikipedia.org/wiki/Server_Name_Indication>} TLS indication field to the correct value. """ names = [] def setupServerContext(ctx): def servername_received(conn): names.append(conn.get_servername().decode("ascii")) ctx.set_tlsext_servername_callback(servername_received) cProto, sProto, pump = self.serviceIdentitySetup( u"valid.example.com", u"valid.example.com", setupServerContext ) self.assertEqual(names, [u"valid.example.com"])
Example #9
Source File: decode_asn1.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 6 votes |
def _decode_x509_name(backend, x509_name): count = backend._lib.X509_NAME_entry_count(x509_name) attributes = [] prev_set_id = -1 for x in range(count): entry = backend._lib.X509_NAME_get_entry(x509_name, x) attribute = _decode_x509_name_entry(backend, entry) set_id = backend._lib.Cryptography_X509_NAME_ENTRY_set(entry) if set_id != prev_set_id: attributes.append(set([attribute])) else: # is in the same RDN a previous entry attributes[-1].add(attribute) prev_set_id = set_id return x509.Name(x509.RelativeDistinguishedName(rdn) for rdn in attributes)
Example #10
Source File: decode_asn1.py From teleport with Apache License 2.0 | 6 votes |
def _decode_x509_name(backend, x509_name): count = backend._lib.X509_NAME_entry_count(x509_name) attributes = [] prev_set_id = -1 for x in range(count): entry = backend._lib.X509_NAME_get_entry(x509_name, x) attribute = _decode_x509_name_entry(backend, entry) set_id = backend._lib.Cryptography_X509_NAME_ENTRY_set(entry) if set_id != prev_set_id: attributes.append({attribute}) else: # is in the same RDN a previous entry attributes[-1].add(attribute) prev_set_id = set_id return x509.Name(x509.RelativeDistinguishedName(rdn) for rdn in attributes)
Example #11
Source File: crypto.py From manuale with MIT License | 6 votes |
def create_csr(key, domains, must_staple=False): """ Creates a CSR in DER format for the specified key and domain names. """ assert domains name = x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, domains[0]), ]) san = x509.SubjectAlternativeName([x509.DNSName(domain) for domain in domains]) csr = x509.CertificateSigningRequestBuilder().subject_name(name) \ .add_extension(san, critical=False) if must_staple: ocsp_must_staple = x509.TLSFeature(features=[x509.TLSFeatureType.status_request]) csr = csr.add_extension(ocsp_must_staple, critical=False) csr = csr.sign(key, hashes.SHA256(), default_backend()) return export_csr_for_acme(csr)
Example #12
Source File: conftest.py From commandment with MIT License | 6 votes |
def ca_certificate(private_key: rsa.RSAPrivateKey) -> x509.Certificate: b = x509.CertificateBuilder() name = x509.Name([ x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"), x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"), x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"), x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Commandment"), x509.NameAttribute(NameOID.COMMON_NAME, u"CA-CERTIFICATE"), ]) cert = b.serial_number(1).issuer_name( name ).subject_name( name ).public_key( private_key.public_key() ).not_valid_before( datetime.datetime.utcnow() ).not_valid_after( datetime.datetime.utcnow() + datetime.timedelta(days=10) ).add_extension( x509.BasicConstraints(ca=True, path_length=None), True ).sign(private_key, hashes.SHA256(), default_backend()) return cert
Example #13
Source File: conftest.py From commandment with MIT License | 6 votes |
def certificate(private_key: rsa.RSAPrivateKey) -> x509.Certificate: b = x509.CertificateBuilder() name = x509.Name([ x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"), x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"), x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"), x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Commandment"), x509.NameAttribute(NameOID.COMMON_NAME, u"CA-CERTIFICATE"), ]) cer = b.subject_name(name).issuer_name(name).public_key( private_key.public_key() ).serial_number(1).not_valid_before( datetime.datetime.utcnow() ).not_valid_after( datetime.datetime.utcnow() + datetime.timedelta(days=10) ).add_extension( x509.BasicConstraints(ca=False, path_length=None), True ).sign(private_key, hashes.SHA256(), default_backend()) return cer
Example #14
Source File: test_mdmcert.py From commandment with MIT License | 6 votes |
def csr(private_key: rsa.RSAPrivateKey) -> x509.CertificateSigningRequest: b = x509.CertificateSigningRequestBuilder() req = b.subject_name(x509.Name([ x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"), x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"), x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"), x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Commandment"), x509.NameAttribute(NameOID.COMMON_NAME, u"Commandment"), ])).sign(private_key, hashes.SHA256(), default_backend()) return req
Example #15
Source File: models.py From commandment with MIT License | 6 votes |
def from_crypto(cls, csr: x509.CertificateSigningRequest): # type: (type, x509.CertificateSigningRequest, CertificateType) -> Certificate m = cls() m.pem_data = csr.public_bytes(serialization.Encoding.PEM) m.not_before = datetime.datetime.utcnow() m.not_after = datetime.datetime.utcnow() + datetime.timedelta(days=700) h = hashes.Hash(hashes.SHA256(), default_backend()) h.update(m.pem_data) m.fingerprint = h.finalize() m.discriminator = CertificateType.CSR.value subject: x509.Name = csr.subject cns = subject.get_attributes_for_oid(NameOID.COMMON_NAME) if cns is not None: m.x509_cn = cns[0].value return m
Example #16
Source File: models.py From commandment with MIT License | 6 votes |
def from_crypto_type(cls, certificate: x509.Certificate, certtype: CertificateType): # type: (certtype, x509.Certificate, CertificateType) -> Certificate m = cls() m.serial = certificate.serial_number m.pem_data = certificate.public_bytes(serialization.Encoding.PEM) m.not_after = certificate.not_valid_after m.not_before = certificate.not_valid_before m.fingerprint = certificate.fingerprint(hashes.SHA256()) m.discriminator = certtype.value m.serial = str(certificate.serial_number) subject: x509.Name = certificate.subject cns = subject.get_attributes_for_oid(NameOID.COMMON_NAME) if cns is not None: m.x509_cn = cns[0].value return m
Example #17
Source File: test_sslverify.py From learn_python3_spider with MIT License | 6 votes |
def test_hostnameIsIndicated(self): """ Specifying the C{hostname} argument to L{CertificateOptions} also sets the U{Server Name Extension <https://en.wikipedia.org/wiki/Server_Name_Indication>} TLS indication field to the correct value. """ names = [] def setupServerContext(ctx): def servername_received(conn): names.append(conn.get_servername().decode("ascii")) ctx.set_tlsext_servername_callback(servername_received) cProto, sProto, cWrapped, sWrapped, pump = self.serviceIdentitySetup( u"valid.example.com", u"valid.example.com", setupServerContext ) self.assertEqual(names, [u"valid.example.com"])
Example #18
Source File: decode_asn1.py From learn_python3_spider with MIT License | 6 votes |
def _decode_x509_name(backend, x509_name): count = backend._lib.X509_NAME_entry_count(x509_name) attributes = [] prev_set_id = -1 for x in range(count): entry = backend._lib.X509_NAME_get_entry(x509_name, x) attribute = _decode_x509_name_entry(backend, entry) set_id = backend._lib.Cryptography_X509_NAME_ENTRY_set(entry) if set_id != prev_set_id: attributes.append(set([attribute])) else: # is in the same RDN a previous entry attributes[-1].add(attribute) prev_set_id = set_id return x509.Name(x509.RelativeDistinguishedName(rdn) for rdn in attributes)
Example #19
Source File: create_certificates.py From PyKMIP with Apache License 2.0 | 6 votes |
def create_self_signed_certificate(subject_name, private_key, days_valid=365): subject = x509.Name([ x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"Test, Inc."), x509.NameAttribute(x509.NameOID.COMMON_NAME, subject_name) ]) certificate = x509.CertificateBuilder().subject_name( subject ).issuer_name( subject ).public_key( private_key.public_key() ).serial_number( x509.random_serial_number() ).add_extension( x509.BasicConstraints(ca=True, path_length=None), critical=True ).not_valid_before( datetime.datetime.utcnow() ).not_valid_after( datetime.datetime.utcnow() + datetime.timedelta(days=days_valid) ).sign(private_key, hashes.SHA256(), backends.default_backend()) return certificate
Example #20
Source File: dep.py From zentral with Apache License 2.0 | 5 votes |
def build_dep_token_certificate(dep_token): private_key = rsa.generate_private_key( public_exponent=65537, key_size=2048, backend=default_backend() ) public_key = private_key.public_key() builder = x509.CertificateBuilder() builder = builder.subject_name(x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, u'zentral-dep-token-{}'.format(dep_token.pk)), ])) builder = builder.issuer_name(x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, u'zentral'), ])) now = timezone.now() one_day = datetime.timedelta(days=1) builder = builder.not_valid_before(now - one_day) builder = builder.not_valid_after(now + 2 * one_day) builder = builder.serial_number(x509.random_serial_number()) builder = builder.public_key(public_key) builder = builder.add_extension( x509.BasicConstraints(ca=False, path_length=None), critical=True, ) certificate = builder.sign( private_key=private_key, algorithm=hashes.SHA256(), backend=default_backend() ) return certificate, private_key
Example #21
Source File: operations.py From magnum with Apache License 2.0 | 5 votes |
def generate_csr_and_key(common_name): """Return a dict with a new csr, public key and private key.""" private_key = rsa.generate_private_key( public_exponent=65537, key_size=2048, backend=default_backend()) public_key = private_key.public_key() csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([ x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, common_name), ])).sign(private_key, hashes.SHA256(), default_backend()) result = { 'csr': csr.public_bytes( encoding=serialization.Encoding.PEM).decode("utf-8"), 'private_key': private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()).decode("utf-8"), 'public_key': public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo).decode( "utf-8"), } return result
Example #22
Source File: ssl.py From commandment with MIT License | 5 votes |
def generate_signing_request(cn: str, dnsname: Optional[str] = None) -> (rsa.RSAPrivateKey, x509.CertificateSigningRequest): """Generate a Private Key + Certificate Signing Request using the given dnsname as the CN and SAN dNSName. Args: cn (str): The certificate common name dnsname (str): The public facing dns name of the MDM server. Returns: Tuple of rsa private key, csr """ private_key = rsa.generate_private_key( public_exponent=65537, key_size=2048, backend=default_backend(), ) name = x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, cn), x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'commandment') ]) builder = x509.CertificateSigningRequestBuilder() builder = builder.subject_name(name) if dnsname is not None: san = x509.SubjectAlternativeName([ x509.DNSName(dnsname) ]) builder = builder.add_extension(san, critical=True) builder = builder.add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True) request = builder.sign( private_key, hashes.SHA256(), default_backend() ) return private_key, request
Example #23
Source File: certificatemanager.py From confidant with Apache License 2.0 | 5 votes |
def generate_x509_name(self, cn): """ For the given common name string, generate and return an x509.Name, with attributes configured in the settings. """ name_attributes = [ x509.NameAttribute(NameOID.COMMON_NAME, cn), ] if self.settings['csr_country_name']: name_attributes.append( x509.NameAttribute( NameOID.COUNTRY_NAME, self.settings['csr_country_name'], ) ) if self.settings['csr_state_or_province_name']: name_attributes.append( x509.NameAttribute( NameOID.STATE_OR_PROVINCE_NAME, self.settings['csr_state_or_province_name'], ) ) if self.settings['csr_locality_name']: name_attributes.append( x509.NameAttribute( NameOID.LOCALITY_NAME, self.settings['csr_locality_name'], ) ) if self.settings['csr_organization_name']: name_attributes.append( x509.NameAttribute( NameOID.ORGANIZATION_NAME, self.settings['csr_organization_name'], ) ) return x509.Name(name_attributes)
Example #24
Source File: util.py From CPU-Manager-for-Kubernetes with Apache License 2.0 | 5 votes |
def generate_cert(service, namespace, private_key): name = x509.Name([ x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, "{0}.{1}.svc".format(service, namespace)) ]) subj_alternative_names = x509.SubjectAlternativeName([ x509.DNSName("{0}".format(service)), x509.DNSName("{0}.{1}".format(service, namespace)), x509.DNSName("{0}.{1}.svc".format(service, namespace)), ]) constraints = x509.BasicConstraints(ca=True, path_length=None) now = datetime.now() cert_builder = x509.CertificateBuilder() cert_builder = (cert_builder.subject_name(name) .issuer_name(name) .add_extension(subj_alternative_names, False) .add_extension(constraints, False) .not_valid_before(now) .not_valid_after(now + timedelta(days=36500)) .public_key(private_key.public_key()) .serial_number(x509.random_serial_number())) cert = cert_builder.sign(private_key, hashes.SHA256(), default_backend()) return cert
Example #25
Source File: __init__.py From agent with MIT License | 5 votes |
def generate_cert(device_id): private_key = ec.generate_private_key( ec.SECP256R1(), default_backend() ) builder = x509.CertificateSigningRequestBuilder() builder = builder.subject_name(x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, u'{}'.format(device_id)), x509.NameAttribute(NameOID.COUNTRY_NAME, u'UK'), x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'London'), x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Web of Trusted Things, Ltd'), ])) builder = builder.add_extension( x509.SubjectAlternativeName( [x509.DNSName(u'{}'.format(device_id))] ), critical=False ) csr = builder.sign(private_key, hashes.SHA256(), default_backend()) serialized_private_key = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption(), ) serialized_csr = csr.public_bytes(serialization.Encoding.PEM) return { 'csr': serialized_csr.decode(), 'key': serialized_private_key.decode() }
Example #26
Source File: test_sign.py From magnum with Apache License 2.0 | 5 votes |
def _build_csr(self, private_key): csr = c_x509.CertificateSigningRequestBuilder() csr = csr.subject_name(c_x509.Name([ c_x509.NameAttribute(NameOID.COMMON_NAME, self.subject_name) ])) return csr.sign(private_key, hashes.SHA256(), default_backend())
Example #27
Source File: models.py From commandment with MIT License | 5 votes |
def create(cls, common_name: str = 'COMMANDMENT-CA', key_size=2048): ca = cls() ca.common_name = common_name name = x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, common_name), x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'commandment') ]) private_key = rsa.generate_private_key( public_exponent=65537, key_size=key_size, backend=default_backend(), ) ca.rsa_private_key = RSAPrivateKey.from_crypto(private_key) db.session.add(ca.rsa_private_key) certificate = x509.CertificateBuilder().subject_name( name ).issuer_name( name ).public_key( private_key.public_key() ).serial_number( x509.random_serial_number() ).not_valid_before( datetime.datetime.utcnow() ).not_valid_after( datetime.datetime.utcnow() + datetime.timedelta(days=365) ).add_extension( x509.BasicConstraints(ca=True, path_length=None), True ).sign(private_key, hashes.SHA256(), default_backend()) ca_certificate_model = CACertificate.from_crypto(certificate) ca_certificate_model.rsa_private_key = ca.rsa_private_key ca.certificate = ca_certificate_model db.session.add(ca) db.session.commit() return ca
Example #28
Source File: model.py From skein with BSD 3-Clause "New" or "Revised" License | 5 votes |
def from_protobuf(cls, obj): return cls(name=obj.name, state=QueueState(_proto.Queue.State.Name(obj.state)), capacity=obj.capacity, max_capacity=obj.max_capacity, percent_used=obj.percent_used, node_labels=set(obj.node_labels), default_node_label=obj.default_node_label)
Example #29
Source File: model.py From skein with BSD 3-Clause "New" or "Revised" License | 5 votes |
def from_protobuf(cls, obj): return cls(service_name=obj.service_name, instance=obj.instance, state=ContainerState(_proto.Container.State.Name(obj.state)), yarn_container_id=obj.yarn_container_id, yarn_node_http_address=obj.yarn_node_http_address, start_time=datetime_from_millis(obj.start_time), finish_time=datetime_from_millis(obj.finish_time), exit_message=obj.exit_message)
Example #30
Source File: test_config.py From python-tripleoclient with Apache License 2.0 | 5 votes |
def get_certificate_and_private_key(self): private_key = rsa.generate_private_key(public_exponent=3, key_size=1024, backend=default_backend()) issuer = x509.Name([ x509.NameAttribute(NameOID.COUNTRY_NAME, u"FI"), x509.NameAttribute(NameOID.LOCALITY_NAME, u"Helsinki"), x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Some Company"), x509.NameAttribute(NameOID.COMMON_NAME, u"Test Certificate"), ]) cert_builder = x509.CertificateBuilder( issuer_name=issuer, subject_name=issuer, public_key=private_key.public_key(), serial_number=x509.random_serial_number(), not_valid_before=datetime.utcnow(), not_valid_after=datetime.utcnow() + timedelta(days=10) ) cert = cert_builder.sign(private_key, hashes.SHA256(), default_backend()) cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM) key_pem = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()) return cert_pem, key_pem