PKI with OpenSSL: Howto using Jupyter Notebook
From time to time I have to create a PKI with a root and intermediate CA. As I do not want to have to search for the correct commands, I created a setup for OpenSSL and a Jupyter notebook that guides me through the steps. This allows me to go through the setup process for a PKI in a few seconds. To validate the PKI, I included a section to issue a new server certificate as well as to validate it.
In this blog post I’ll explain how you can get the Jupyter notebook working as well as how the notebook works.
Create Jupyter Lab instance
docker run -p 8888:8888 -e JUPYTER_ENABLE_LAB=yes jupyter/minimal-notebook
Load Jupyter Notebook
Download the notebook from GitLab. Open Jupyter and upload my notebook.
The notebook is named PKI.
Run notebook and create PKI
Open it. It contains the git command to clone my other repository with the OpenSSL configuration. The description guides you through the steps to run the necessary OpenSSL commands to set up a Root CA and Intermediate CA as well as issue a new server request.
The sections include:
- Root CA
- Intermediate CA
- Create server certificate
When running the commands, a new folder pki is created. Inside this folder, all PKI files for Root CA and Intermediate CA are stored. Both CAs have their own OpenSSL configuration file .cnf. As some parameters in this file depend on the path, an environment variable is used to make it work in Jupyter:
%env ROOTCA=pki/rootca
%env INTCA=pki/intermediate
Note: This is needed as the underlying repository for the OpenSSL PKI is also meant to work outside Jupyter. A user can clone the repo and create a PKI running the commands in the shell.
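The three notebook sections and the path variables above, condensed into one shell script as an added example; it is not the notebook's or the repository's own code. Only `ROOTCA`, `INTCA` and their values come from the page; the config layout, file names, subject names, key sizes and lifetimes are assumptions.

```shell
# Added example, not the repository's own files; config layout, names and key sizes are assumed.
mkca() {  # $1 = env variable the config reads its directory from, $2 = that directory
  mkdir -p "$2/newcerts" && : > "$2/index.txt" && echo 1000 > "$2/serial" &&
  cat > "$2/openssl.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = \$ENV::$1
database = \$dir/index.txt
serial = \$dir/serial
new_certs_dir = \$dir/newcerts
certificate = \$dir/ca.crt
private_key = \$dir/ca.key
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
commonName = supplied
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ v3_server ]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF
}
newreq() {  # $1 = CA dir whose config is loaded, $2 = CN, rest = extra "openssl req" options
  cadir=$1 cn=$2; shift 2
  openssl req -newkey rsa:2048 -nodes -config "$cadir/openssl.cnf" -subj "/CN=$cn" "$@"
}
build_pki() (  # $1 = empty scratch dir; the subshell body keeps cd and export local
  cd "$1" && export ROOTCA=pki/rootca INTCA=pki/intermediate &&  # the page's %env values
  mkca ROOTCA "$ROOTCA" && mkca INTCA "$INTCA" &&
  newreq "$ROOTCA" "Example Root CA" -x509 -days 3650 -extensions v3_ca \
    -keyout "$ROOTCA/ca.key" -out "$ROOTCA/ca.crt" &&
  newreq "$INTCA" "Example Intermediate CA" -keyout "$INTCA/ca.key" -out "$INTCA/ca.csr" &&
  openssl ca -batch -notext -config "$ROOTCA/openssl.cnf" -extensions v3_ca \
    -in "$INTCA/ca.csr" -out "$INTCA/ca.crt" &&
  newreq "$INTCA" "server.example.test" -keyout server.key -out server.csr &&
  openssl ca -batch -notext -config "$INTCA/openssl.cnf" -extensions v3_server \
    -in server.csr -out server.crt
)
verify_chain() {  # $1 = dir used by build_pki; only the root is trusted
  openssl verify -CAfile "$1/pki/rootca/ca.crt" -untrusted "$1/pki/intermediate/ca.crt" "$1/server.crt"
}
scratch=$(mktemp -d) && build_pki "$scratch" && verify_chain "$scratch"
```

OpenSSL refuses to load either config when its variable is unset, and because the values are relative paths the commands have to run from the directory that contains `pki`.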
The PKI certificates can be downloaded and used in your Dev / Test environment. Using the example provided in the create server certificate section, you can upload your own CSR and sign it. Issuing the PKI to a different subject (CN) is not a problem, as you can change the parameter. Have fun creating your own PKI or maybe understand better how a PKI works.