Creation of a User, a Certificate and Signing of a CSR for the Lemur Certificate Manager

After the successful setup of the Lemur certificate manager, the CFSSL root Certificate Authority (CA) was integrated with it. After the integration phase, a local CA was created using the CFSSL plugin in Lemur. So CFSSL is the root CA in our setup. Lemur is Python-based, so this post focuses on Python scripts that will be useful for extending the work. In this article, we will run the following scripts to interact with Lemur from the terminal.

  • Creation of an authority using CFSSL in the Lemur GUI. This CFSSL authority will be used in our scripts to obtain certificates. I have set the name “myCA” for the CFSSL authority in the GUI. This name “myCA” will be used when creating certificates from Lemur.

Using the CFSSL plugin

“myCA” in the list after creation.

  • Using a Python script to create a user with the “Admin” role through the Lemur API; the request is sent in JSON format (verify the result on the users page of the Lemur GUI).
  • Creation of a certificate for the specified owner and user (verify the result on the certificates page of the Lemur GUI).
  • Private/public key pair generation using OpenSSL in the terminal (commands are given below to generate the key pair and then the CSR), and
  • then use the CSR (cat the csr file) in the script to obtain the certificate from the specified custom authority.

NOTE:

All Python scripts send a request in JSON format to the Lemur server, so please change the parameters in the scripts to match your setup (such as the name of your CFSSL authority, the username, etc.).

Scripts

In the following script, a JSON request is sent to 192.168.1.7 (the IP address of the Lemur and CFSSL root CA). After successful authentication, another request is sent to create the new user.

1. create_user_using_admin_role.py

#!/usr/bin/python
import json
import requests
# log in and print the response, which carries the API token
login = requests.request("POST","http://192.168.1.7/api/1/auth/login",data=json.dumps({'username': "lemur", 'password': "lemur"}),headers={'content-type': 'application/json'})
print(login.json())
Auth = {'Authorization': 'token %s' %login.json()["token"], 'content-type': 'application/json'}
# create the user; a role can be referenced by id or by name
test = requests.request("POST","http://192.168.1.7/api/1/users",data=json.dumps({'username': "aa", 'aaa': "aaa" ,"email":"[email protected]","active": "true", "roles": [{'id':1}or{'name': 'myRole'}]}),headers=Auth)
print(test.json())
--------------------------------------------------------------------------------------------------

In the following script, a request is sent to the “myCA” authority to issue a new certificate for the user “aa”.

2. create_certifacte_by_lemur.py

#!/usr/bin/python
import json
import requests
## username/password used to log in to Lemur
login = requests.request("POST","http://192.168.1.7/api/1/auth/login",data=json.dumps({'username': "lemur", 'password': "lemur"}),headers={'content-type': 'application/json'})
print(login.json())
Auth = {'Authorization': 'token %s' %login.json()["token"], 'content-type': 'application/json'}
# request a certificate from the "myCA" authority for the user "aa"
cert_req = requests.request("POST","http://192.168.1.7/api/1/certificates",data=json.dumps({"owner": "[email protected]","commonName": "aa.example.net","country": "AU","replacements": [{"id": 1 }],"notify": "true","validityEnd": "2026-01-01T08:00:00.000Z", "authority": {"name": "myCA" }, "organization": "test.", "location": "Los Gataaos", "state": "Caldifornia", "user": { "username": "aa","active": "true","email": "[email protected]"}, "roles": [{"id": 1, "description": "admin role", "name": "[email protected]"}],"validityStart": "2018-11-11T04:19:48.000Z","organizationalUnit": "Operations"}),headers=Auth)
print(cert_req.json())
--------------------------------------------------------------------------------------------------

The objective of the following script is to have the CSR signed by the CFSSL certificate authority. The OpenSSL commands needed to generate the CSR for the script follow.

The following procedure is used to sign a custom CSR. The Lemur GUI does not provide this functionality for signing a CSR with our locally configured CA.

Key pair generation command:

openssl genrsa -out analyze.key 2048

CSR generation using the above-generated analyze.key:

openssl req -new -sha256 -key analyze.key -out analyze.csr

Now use the “cat” command to view the contents of analyze.csr and copy it into the script to obtain the certificate for the user-generated CSR. An important note about using the CSR in the script: remove \r and use \n, except between the begin/end labels of the CSR.

3. create_certificate_using_local_csr.py

#!/usr/bin/python
import json
import requests
##change username/password here
login = requests.request("POST","http://192.168.1.7/api/1/auth/login",data=json.dumps({'username': "lemur", 'password': "lemur"}),headers={'content-type': 'application/json'})
print(login.json())
Auth = {'Authorization': 'token %s' %login.json()["token"], 'content-type': 'application/json'}
#it is working
# replace the "..." placeholder with the base64 lines of analyze.csr, joined with \n
csr_req = requests.request("POST","http://192.168.1.7/api/1/certificates",data=json.dumps({"owner": "[email protected]","commonName": "aa.eaaxample.net","authority": {"name": "myCA" },"csr":"-----BEGIN CERTIFICATE REQUEST-----\n...\n-----END CERTIFICATE REQUEST-----"}),headers=Auth)
print(csr_req.json())
--------------------------------------------------------------------------------------------------
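The line-ending rule for the pasted CSR can be applied in code instead of by hand. The following is an added example, not one of the original scripts: it normalizes the CSR text to \n line endings, checks the PEM framing, and lets json.dumps produce the \n escapes for the request body. The sample CSR body and the owner address are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json
import re

# Constructed stand-in for `cat analyze.csr`, saved with CRLF line endings.
# The body is filler bytes behind a DER SEQUENCE tag, not a real request.
_BODY = base64.encodebytes(b"\x30\x82\x01\x00" + bytes(range(96))).decode()
SAMPLE_CSR = ("-----BEGIN CERTIFICATE REQUEST-----\n" + _BODY +
              "-----END CERTIFICATE REQUEST-----\n").replace("\n", "\r\n")

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE REQUEST-----\n"
    r"((?:[A-Za-z0-9+/=]+\n)+)"
    r"-----END CERTIFICATE REQUEST-----")


def normalize_csr(text):
    """Return the CSR with LF-only line endings, or raise ValueError."""
    text = text.replace("\r\n", "\n").replace("\r", "\n").strip()
    match = PEM_RE.fullmatch(text)
    if match is None:
        raise ValueError("not a single PEM CERTIFICATE REQUEST block")
    try:
        der = base64.b64decode(match.group(1).replace("\n", ""), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("CSR body is not valid base64") from exc
    if not der.startswith(b"\x30"):
        raise ValueError("CSR body does not start with a DER SEQUENCE")
    return text + "\n"


def build_csr_request(csr_text, owner, common_name, authority):
    """Build the JSON body for POST /api/1/certificates with a local CSR."""
    return json.dumps({
        "owner": owner,
        "commonName": common_name,
        "authority": {"name": authority},
        "csr": normalize_csr(csr_text),
    })


if __name__ == "__main__":
    # The owner is a placeholder address (assumption, not from the page).
    print(build_csr_request(SAMPLE_CSR, "owner@example.invalid",
                            "aa.example.net", "myCA"))
```

The returned string can be passed as the data argument of the certificates request in script 3, after reading the real CSR with open("analyze.csr").read().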

Conclusion

In this article, several Python scripts are presented for interacting with the Lemur certificate manager project. These scripts will help developers use it from the CLI.

Post Author: Hack3rN3ws
