pyOpenSSL サンプル

# vim: fileencoding=utf8 sw=4 sts=4

from OpenSSL import crypto

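# Sample: build a self-signed certificate with pyOpenSSL, write it to
# cacert.pem, then dump a CRL that has no revoked entries.

# RSA key pair used both as the certificate's public key and to sign it.
# 2048 bits is used because 1024-bit RSA is below current minimum key sizes.
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 2048)
# NOTE(review): the private key is never written out, so it is lost when the
# script exits. If it is persisted, encrypt it with a passphrase and restrict
# the file's permissions to the owner.

req = crypto.X509Req()
subj = req.get_subject()

# Placeholder subject fields: fill these in before real use
# (C is a two-letter ISO 3166 country code).
subj.CN = ''
subj.C = ''
subj.ST = ''
subj.L = ''
subj.O = ''
subj.OU = ''
subj.emailAddress = ''

req.set_pubkey(pkey)
# SHA-256 instead of MD5: MD5 is collision-broken and is refused by many
# current verifiers.
req.sign(pkey, 'sha256')

# The serial number should really be persisted in a file and incremented for
# every certificate issued. RFC 5280 expects a positive serial that is unique
# per issuer; 0 is only a placeholder.
serial = 0
# Offsets in seconds relative to "now": valid immediately ...
not_before = 0
# ... and for one year.
not_after = 60 * 60 * 24 * 365

cert = crypto.X509()
cert.set_serial_number(serial)
cert.gmtime_adj_notBefore(not_before)
cert.gmtime_adj_notAfter(not_after)
# Issuer and subject are the same name and the certificate is signed with its
# own key, i.e. it is self-signed.
# NOTE(review): no basicConstraints extension is set, so validators that
# require CA:TRUE will not accept this as a CA certificate despite the
# output file name.
cert.set_issuer(req.get_subject())
cert.set_subject(req.get_subject())
cert.set_pubkey(req.get_pubkey())
cert.sign(pkey, 'sha256')

# The context manager closes the file even if the dump raises. Binary mode
# writes the PEM data exactly as produced.
with open('cacert.pem', 'wb') as fw:
    fw.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))

crl = crypto.CRL()
# NOTE(review): the three-argument dump_crl call is kept as written; confirm
# it against the installed pyOpenSSL version, since the CRL API has changed
# across releases.
# Single-argument print(...) behaves the same as the Python 2 print statement
# and is also valid Python 3 syntax.
print(crypto.dump_crl(crl, cert, pkey))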

適当に書いたやつですが ... 。