Hi guys ...

Do you guys know a Python "script" that can generate OpenVPN certificates? I need this to integrate it with my Django project ...

Thx.

+1  A: 

Do you have the needed PKI set up, i.e., have you made your own certificate authority? If so, then changing directory to easy-rsa (see the docs I just pointed to for how to find that directory in various platforms) and using Python's subprocess to run build-key for the client of interest might be simplest.

Alex Martelli
`subprocess.check_call(['./build-key', 'client1'], cwd='/etc/openvpn/easy-rsa')`; [check_call documentation](http://docs.python.org/library/subprocess.html#subprocess.check_call)
Cristian Ciupitu
@Cristian, yep, but `/etc/openvpn/easy-rsa` won't work e.g. on Windows: in my answer, I gave the URL for the docs that explain where the `easy-rsa` directory is located on various platforms. Also, quoting the docs, "Note that this directory is not considered when searching the executable, so you can’t specify the program’s path relative to cwd." -- so the `./build-key` will fail _unless_ you've previously done an `os.chdir` to `easy-rsa` already (in which case you don't need the `cwd`, it becomes innocuous but redundant;-).
Alex Martelli
@Alex Martelli: you're right about the path, but it was just an example, not a complete answer. That's why I commented on your answer instead of adding another answer. Maybe I should have been more clear about the fact that it's just an example. Regarding the `cwd` parameter `subprocess.check_call(['./update-projects-for-satchmo.sh'], cwd='/home/ciupicri/work')` works fine for me on python-2.6.4-27.fc13.x86_64.
Cristian Ciupitu
thx for the answers ... I use Ubuntu ... If I could use ./build-key w/o password script it will be easier but I need to use ./build-key-pass ... or can I supply the password as argument to ./build-key? ./build-key script ain't taking "arguments" interactively?
void
@void, `build-key` is for the normal case (where you don't need a password because you keep your private key private). If you _do_ need a password then you need `build-key-pass` and you'll probably want to use `pexpect` (or `wexpect`, if on Windows;-) to simulate a terminal so that you can feed it the password (`subprocess` does not simulate a terminal).
Alex Martelli
@Alex Martelli, thx a lot man, I really appreciate it ...
void
@void, you're welcome!
Alex Martelli
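
One way to wrap the `build-key` call discussed in this thread when the client name comes from a web form, as an added example that is not part of the original posts or of easy-rsa. It is written for Python 3; the function names, the default directory, and the `keys/` output location are assumptions, and it assumes the easy-rsa environment is already set up so that `build-key` runs without prompting.

```python
import os
import re
import subprocess

# Assumption: easy-rsa location on this host (the path used in the thread).
EASY_RSA_DIR = "/etc/openvpn/easy-rsa"

# Letters, digits, '.', '_' and '-' only, never a leading '-' or '.'.
# The name is passed as a command argument and, by assumption here, is
# also used by easy-rsa as a file name, so option-like values and path
# separators are rejected before anything is executed.
_CLIENT_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def build_key_command(client_name, easy_rsa_dir=EASY_RSA_DIR):
    """Return (argv, cwd) for running build-key for one client."""
    if not isinstance(client_name, str) or not _CLIENT_NAME.fullmatch(client_name):
        raise ValueError("invalid client name: %r" % (client_name,))
    base = os.path.realpath(easy_rsa_dir)
    script = os.path.join(base, "build-key")
    if not (os.path.isfile(script) and os.access(script, os.X_OK)):
        raise FileNotFoundError("build-key not found or not executable in " + base)
    # Absolute script path: the call does not depend on how a relative
    # program path is resolved against cwd.
    return [script, client_name], base


def issue_client_cert(client_name, easy_rsa_dir=EASY_RSA_DIR, timeout=60):
    """Run build-key; raises CalledProcessError on a non-zero exit."""
    argv, cwd = build_key_command(client_name, easy_rsa_dir)
    # argv list and no shell=True: the name is never parsed by a shell.
    # stdin is closed so an unexpected prompt fails instead of hanging a request.
    subprocess.run(argv, cwd=cwd, stdin=subprocess.DEVNULL,
                   check=True, timeout=timeout)
    # Assumption: certificates are written to keys/ under the easy-rsa directory.
    return os.path.join(cwd, "keys", client_name + ".crt")
```
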