Utilities

This module module is used to generate the CAs and CRLs (revoked certificates)

Example:

from DIRAC.Core.Security import Utilities

retVal = Utilities.generateRevokedCertsFile() if retVal[‘OK’]:

cl = Elasticsearch( self.__url,
timeout = self.__timeout, use_ssl = True, verify_certs = True, ca_certs = retVal[‘Value’] )

or retVal = Utilities.generateCAFile(‘/WebApp/HTTPS/Cert’) if retVal[‘OK’]:

sslops = dict( certfile = CertificateMgmt.getCert(/WebApp/HTTPS/Cert),
keyfile = CertificateMgmt.getCert(/WebApp/HTTPS/Key), cert_reqs = ssl.CERT_OPTIONAL, ca_certs = retVal[‘Value’], ssl_version = ssl.PROTOCOL_TLSv1 )

srv = tornado.httpserver.HTTPServer( self.__app, ssl_options = sslops, xheaders = True )

Note: If you wan to make sure that the CA is up to date, better to use the BundleDeliveryClient.

DIRAC.Core.Security.Utilities.generateCAFile(location=None)

Generate a single CA file with all the PEMs

Parameters:location (str) – we can specify a specific location in CS

:return file cas.pem which contains all certificates

DIRAC.Core.Security.Utilities.generateRevokedCertsFile(location=None)

Generate a single CA file with all the PEMs

Parameters:location (str) – we can specify a specific location in CS

:return file crls.pem which contains all revoked certificates