Friday, 2 April 2021

Python - Generate SSL Certificate and Invoke SOAP/REST Using SSL certificate.

Steps to generate a keystore and CSR, and import signed certificates.

  • Log in to the Unix box.
  • Go to the Java home directory:
    • cd $JAVA_HOME/jre/bin
  • Run the keytool command to create the keystore (JKS):
    • keytool -genkey -keyalg RSA -alias <aliasName> -keystore identityKeystore.jks -storepass <replace_with_strong_password> -validity 900 -keysize 2048
    • <aliasName> = a meaningful alias
    • <replace_with_strong_password> = keystore password
    • When prompted, change the values provided based on your company's security policy

What is your first and last name?
  [Unknown]:  VijayaKumar
What is the name of your organizational unit?
  [Unknown]:  Development
What is the name of your organization?
  [Unknown]:  ICS
What is the name of your City or Locality?
  [Unknown]:  Bangalore
What is the name of your State or Province?
  [Unknown]:  KA
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=<>, OU=<>, O=<>, L=Redwood Shores, ST=California, C=US correct?
  [no]:  yes 
Enter key password for <aliasName>
        (RETURN if same as keystore password):


  • List the generated file using the ls command. You should now see the jks file.
    • ls
  • Generate CSR file for signing authority. 
    • keytool -certreq -alias <aliasName> -keystore identityKeystore.jks -storepass <replace_with_strong_password>  -storetype JKS -file icsclient.csr
  • List the generated files using the ls command. You should now see both the jks and csr files.
    • ls
  • Share the CSR file with the signing authority. Or generate one using the following URL.
  • If you receive the root and intermediate certificates from the signing authority, use the following commands. Import the root certificates:
    • keytool -import -keystore identityKeystore.jks -file <root_certificate_CA>.crt -alias DigiCertCARoot
  • Import the intermediate certificates:
    • keytool -import -keystore identityKeystore.jks -file <intermediate_certificate_CA>.crt -alias DigiCertCAInter
    • keytool -import -keystore identityKeystore.jks -file <my_company_signedcert.crt/pem> -alias icslientcert
  • Use the following command to generate the client or server certificate from the keystore.
    • keytool -export -alias <aliasName> -storepass <replace_with_strong_password> -keystore identityKeystore.jks -file  icsclient.cer/pem 
  • List all the certificates in the JKS file.
    • keytool -list -keystore identityKeystore.jks

Python code:

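import requests

# SOAP 1.1 requests are sent as text/xml
headers = {'SOAPAction': '<wsdl_action>', 'Content-Type': 'text/xml; charset=utf-8'}
body = '<soap_envelope_xml>'  # placeholder for the SOAP envelope to send
response = requests.post('https://vijayakumarkv/ics/', headers=headers, data=body.encode('utf-8'), cert=('/path/client.cert', '/path/client.key'))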
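
An added pre-flight check, not code from the original post: `keytool -export` writes binary DER unless `-rfc` is given and never exports the private key, while the `cert=` pair passed to requests must be a PEM certificate and an unencrypted PEM key. The function names and the `ca_bundle` parameter are assumptions for illustration.

```python
import os
import ssl
import stat

PEM_CERT_MARK = b"-----BEGIN CERTIFICATE-----"


def ensure_pem_cert(path):
    """Return a path to a PEM certificate, re-encoding a DER export if needed."""
    with open(path, "rb") as fh:
        data = fh.read()
    if PEM_CERT_MARK in data:
        return path
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if not data.startswith(b"\x30"):
        raise ValueError(f"{path}: not a PEM or DER certificate")
    pem_path = path + ".pem"
    with open(pem_path, "w") as fh:
        fh.write(ssl.DER_cert_to_PEM_cert(data))
    return pem_path


def check_key_file(path):
    """Return a list of problems that would break or weaken the TLS client key."""
    problems = []
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if b"PRIVATE KEY-----" not in head:
        problems.append("no PEM private key in file")
    elif b"ENCRYPTED" in head:
        problems.append("key is passphrase-protected; requests needs it unencrypted")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:o} lets group/others access the key")
    return problems


def client_tls_kwargs(cert_path, key_path, ca_bundle):
    """Build cert=/verify= keyword arguments for requests.post()."""
    problems = check_key_file(key_path)
    if problems:
        raise ValueError(f"{key_path}: " + "; ".join(problems))
    # verify= keeps server certificate validation on against the given CA bundle.
    return {"cert": (ensure_pem_cert(cert_path), key_path), "verify": ca_bundle}
```

Pass the result to the call as `requests.post(url, headers=headers, data=body.encode('utf-8'), **client_tls_kwargs(cert_path, key_path, ca_bundle))`.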