Anthropic-Cybersecurity-Skills/skills/configuring-certificate-authority-with-openssl/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00


# Certificate Authority with OpenSSL — API Reference
## Libraries
| Library | Install | Purpose |
|---------|---------|---------|
| cryptography | `pip install cryptography` | X.509 certificate generation, parsing, and validation |
| pyOpenSSL | `pip install pyOpenSSL` | OpenSSL wrapper for certificate operations |
## Key cryptography Methods
| Method | Description |
|--------|-------------|
| `x509.CertificateBuilder()` | Build X.509 certificates |
| `rsa.generate_private_key(65537, key_size)` | Generate RSA private key |
| `x509.load_pem_x509_certificate(data)` | Parse PEM certificate |
| `cert.subject.rfc4514_string()` | Get subject as RFC 4514 string |
| `x509.random_serial_number()` | Generate unique serial number |
## OpenSSL CLI Commands
| Command | Purpose |
|---------|---------|
| `openssl req -x509 -newkey rsa:4096 -sha256 -days 3650` | Create self-signed CA |
| `openssl req -new -key server.key -out server.csr` | Generate CSR |
| `openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key` | Sign certificate |
| `openssl verify -CAfile ca.crt server.crt` | Verify certificate chain |
| `openssl x509 -in cert.pem -text -noout` | Display certificate details |
## Certificate Best Practices
| Parameter | Recommended Value |
|-----------|-------------------|
| Root CA Key Size | RSA 4096 or EC P-384 |
| Server Key Size | RSA 2048+ or EC P-256 |
| Signature Algorithm | SHA-256 or SHA-384 |
| Root CA Validity | 10-20 years |
| Server Cert Validity | 1 year (398 days max for public) |
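
The CLI commands and recommended values above, combined into one run as an added example (not part of the original reference). It uses an EC P-384 root and an EC P-256 leaf rather than RSA, and signs with `-extfile` because `openssl x509 -req` does not add `basicConstraints` or a SAN on its own. The file name `demo-ca.cnf`, the subject names and the host `app.example.test` are constructed for the example.

```shell
# Added example; demo-ca.cnf, "Demo Root CA", app.example.test are constructed.
set -eu

write_config() {  # $1 = working directory
  cat > "$1/demo-ca.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:app.example.test
EOF
}

build_chain() {  # $1 = working directory
  d=$1
  write_config "$d"
  # Root: P-384 key, SHA-384, 10 years. -nodes leaves the key unencrypted,
  # which is acceptable only for a throwaway demo directory.
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-384 -sha384 \
    -days 3650 -nodes -keyout "$d/ca.key" -out "$d/ca.crt" \
    -subj "/CN=Demo Root CA" -config "$d/demo-ca.cnf" -extensions v3_ca
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes \
    -keyout "$d/server.key" -out "$d/server.csr" \
    -subj "/CN=app.example.test" -config "$d/demo-ca.cnf"
  chmod 600 "$d/ca.key" "$d/server.key"
  # Sign for 398 days; extensions come from v3_server, not from the CSR.
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -sha256 -days 398 \
    -extfile "$d/demo-ca.cnf" -extensions v3_server -out "$d/server.crt"
}

check_leaf() {  # $1 = working directory, $2 = expected host name
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
    "$1/server.crt" >/dev/null 2>&1 &&
  openssl x509 -in "$1/server.crt" -noout -text | grep -q "CA:FALSE" &&
  ! openssl x509 -in "$1/server.crt" -noout -checkend $((399 * 86400)) >/dev/null
}

work=$(mktemp -d)
build_chain "$work"
check_leaf "$work" app.example.test && echo "leaf verified in $work"
```

`check_leaf` succeeds only when the chain verifies for the given host name, the leaf is marked `CA:FALSE`, and it expires within 399 days.
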
## External References
- [cryptography.io X.509 Docs](https://cryptography.io/en/latest/x509/)
- [OpenSSL Cookbook](https://www.feistyduck.com/library/openssl-cookbook/)
- [RFC 5280 X.509 PKI](https://datatracker.ietf.org/doc/html/rfc5280)