Needed Packages: pyopenssl cryptography

Generating a RSA Private Key

import datetime
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

# Generate RSA Key Pair
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
    backend=default_backend()
)

# Get RSA Public Key
public_key = private_key.public_key()

Generate x509 Self Signed Certificate

# Build x509 Cert
builder = x509.CertificateBuilder()
builder = builder.subject_name(x509.Name([
    x509.NameAttribute(NameOID.COMMON_NAME, u'yoururl.com'),
]))
builder = builder.issuer_name(x509.Name([
    x509.NameAttribute(NameOID.COMMON_NAME, u'yoururl.com'),
]))
builder = builder.not_valid_before(datetime.datetime.today() - one_day)
# Today + 30 days
builder = builder.not_valid_after(datetime.datetime.today() + (one_day * 30))
builder = builder.serial_number(x509.random_serial_number())
builder = builder.public_key(public_key)
builder = builder.add_extension(
    x509.SubjectAlternativeName(
        [x509.DNSName(u'yoururl.com')]
    ),
    critical=False
)
builder = builder.add_extension(
    x509.BasicConstraints(ca=False, path_length=None), critical=True,
)
# Export Self Signed Cert
certificate = builder.sign(
    private_key=private_key, algorithm=hashes.SHA256(),
    backend=default_backend()
)

Generate x509 CSR (Certificate Signing Request)

# Build x509 CSR
builder = x509.CertificateSigningRequestBuilder()
builder = builder.subject_name(x509.Name([
    x509.NameAttribute(NameOID.COMMON_NAME, u'yoururl.com'),
]))
builder = builder.add_extension(
    x509.BasicConstraints(ca=False, path_length=None), critical=True,
)
request = builder.sign(
    private_key, hashes.SHA256(), default_backend()
)

Write CSR to a file

with open('yourname.csr', 'wb') as csr:
    csr.write(request)

Looking at date in PEM certs

>>> from OpenSSL.crypto import FILETYPE_PEM, load_certificate
>>> with open('pki_ca.pem', 'rt') as cert:
...         pk = load_certificate(FILETYPE_PEM, cert.read())
>>> pk.get_notBefore()
b'20190212080550Z'
>>> pk.get_notAfter()
b'20290209080620Z’
>>> pk.get_issuer().get_components()
[(b'CN', b'auto.sciencelogic.local')]

Load Private Key, PEM Certificate and CSR

>>> from OpenSSL.crypto import (
FILETYPE_PEM,
load_certificate,
load_certificate_request,
load_publickey
)
# Load CSR and others with the same style just use the proper loader
>>> with open('mycsr.csr') as csr_file:
...   csr = load_certificate_request(FILETYPE_PEM, csr_file.read())

Check Signature of CSR certs

with open('test_pub.pem') as pem_file:
...   pem = load_certificate(FILETYPE_PEM, pem_file.read())
...   bool(csr.verify(pem.get_pubkey()))
...
True