createclientcert.py

Create a client certificate using the createclientcert.py script in FairCom Certificate Manager

Abstract

This script creates a client certificate and its private key, which a client presents instead of a username and password when logging into a FairCom server. Register the client certificate with the application software that will use it.

Important

Before running createclientcert.py, create a CA certificate using createcacert.py.

A company's CA administrator typically creates client certificates to authenticate user and software accounts.

Easy

Run the Python script createclientcert.py without command-line arguments, and it prompts you for the following information:

  • Company name

  • Directory where to store the client certificate

  • Number of months until the client certificate expires

  • Username of the account that the client certificate authenticates

  • Password to protect the private key embedded in the client certificate

  • Optional TCP/IP addresses or DNS names of client computers where the client certificate is allowed to be used

Welcome to FairCom Client TLS Key Pair Creator
For help, run this program with the '-h' option.

Enter your company's name: __________

Enter the name of a directory where certificates will be stored  
  Certificates will be stored in directories in this location.  
  Ensure this directory is secure (not shared), and is backed up properly.
  Directory: __________

Enter the number of months when the certificate will expire.  
  When a certificate expires, communications using that certificate no longer work.  
  Recommended expiration is 13 months to give time to renew each year.  
  NOTE: When a CA certificate expires, the CA certificate must be replaced by a new CA certificate everywhere it is used, such as operating systems, browsers, and other software.
  Months [23]: __

The 'Common Name' of a client certificate is typically used by the server as a username.
  Enter the Common Name of the client (this will be the name of the output files): ___________

Enter a passphrase to encrypt the key data, or ENTER the leave the key unsecured.
  Use only 7-bit ASCII characters: __________

Enter a filename that contains IP addresses and DNS names, or press ENTER to be prompted for this information:
  Enter one IP address or DNS name and press ENTER to enter another.  
  Pressing ENTER on an empty line will terminate address entry.  
  Enter a new IP address or DNS name: ___________  
  Enter a new IP address or DNS name: ___________  
  Enter a new IP address or DNS name:

Done collecting IP addresses and DNS names.

Enter an optional two-letter country code where your company is located: __

Enter an optional state/province where your company is located: __

Enter an optional city where your company is located: __________

Enter an optional department within your organization: __________

Enter an optional email address to associate with this certificate: __________

Loading the CA key from 'downloads\_ca_key\ca.key'
Loading the CA certificate from 'downloads\Expires_On_2026-04-14\ca.crt'

Successfully created and saved 1 of 1 files:  

The output files listed at the bottom always show the absolute path to the files, even if relative paths were used throughout the program.

Advanced

Run the Python script createclientcert.py with command-line parameters:

python createclientcert.py --certManagementFolder Certs --commonName "MyCompany Private Certificate Authority" --country US --location Columbia --months 13 --org MyCompany --state Missouri --unit IT

Command-line options

usage: createclientcert.py [-h] [--altName [ALTNAME ...]] [--altNameFile [ALTNAMEFILE]] [--bits [BITS]]
                           [--caCertFile [CACERTFILE]] [--caKeyFile [CAKEYFILE]] [--caKeyFilePass [CAKEYFILEPASS]]
                           [--certManagementFolder [CERTMANAGEMENTFOLDER]] [--cipher [CIPHER]] [--commonName [COMMONNAME]]
                           [--country [COUNTRY]] [--email [EMAIL]] [--inputDirectory [INPUTDIRECTORY]]
                           [--location [LOCATION]] [--months [MONTHS]] [--org [ORG]] [--outCertFile [OUTCERTFILE]]
                           [--outKeyFile [OUTKEYFILE]] [--passphrase [PASSPHRASE]]
                           [--revokeSerialNumbers [REVOKESERIALNUMBERS ...]] [--selfSigned [SELFSIGNED]]
                           [--serial [SERIAL]] [--singleFile [SINGLEFILE]] [--state [STATE]] [--unit [UNIT]]

options:
  -h, --help
         show this help message and exit
  --altName [ALTNAME ...]
         A space delimited list of Subject Alternative Names.
  --altNameFile [ALTNAMEFILE]
         A filename to load Subject Alternative Names from. One entry per line. Will be ignored if --altName is present.
  --bits [BITS]
         The bit-depth to use when generating the private key. Defaults to 4096.
  --caCertFile [CACERTFILE]
         The CA certificate filename. Ignored when generating new CA key pairs.
  --caKeyFile [CAKEYFILE]
         The CA key filename. Ignored when generating new CA key pairs.
  --caKeyFilePass [CAKEYFILEPASS]
         An optional passphrase to unlock encrypted CA/signing key data. Ignored when generating new CA key pairs.
  --certManagementFolder [CERTMANAGEMENTFOLDER]
         The base directory to store saved files in.
  --cipher [CIPHER]
         The cipher to use for encryption and decryption. Defaults to sha256.
  --commonName [COMMONNAME]
         The Common Name is a string used to identify the certificate.
  --country [COUNTRY]
         A two-letter country designation.
  --email [EMAIL]
         An email address to associate with the output certificate.
  --inputDirectory [INPUTDIRECTORY]
         The directory containing certificates to renew. Used only by renewcert.py
  --location [LOCATION]
         The certificate organization location or city.
  --months [MONTHS]
         The certificate validity duration.
  --org [ORG]
         The certificate organization name.
  --outCertFile [OUTCERTFILE]
         The output certificate filename.
  --outKeyFile [OUTKEYFILE]
         The output key filename.
  --passphrase [PASSPHRASE]
         If provided, the new key will be encrypted using this passphrase.
  --revokeSerialNumbers [REVOKESERIALNUMBERS ...]
         A space delimited list of serial numbers to revoke. Used only by revokecert.py
  --selfSigned [SELFSIGNED]
         If true, the server/client key will sign the new certificate rather than a CA key. Defaults to False. Ignored when generating new CA key pairs.
  --serial [SERIAL]
         The serial number is an integer used to identify the certificate. When a certificate is revoked, this number is how the revoked certificate is identified.
  --singleFile [SINGLEFILE]
         If true, both the key and certificate will be saved in the certificate file. Defaults to False. Ignored when generating new CA key pairs.
  --state [STATE]
         The certificate organization state or province.
  --unit [UNIT]
         The certificate organization Unit or department.

  • The hostname can be found by running the hostname command on the server. Windows, Linux, and macOS all provide the same command.

  • The Subject Alternative Name list in a client certificate is sometimes used as an additional way to identify the client. This can provide flexibility for servers that may not use the Common Name to identify clients.

  • The output files listed at the bottom always show the absolute path to the files, even if relative paths were used throughout the program.

  • Client certificates can be created with this script, but they can only be used with the FairCom ISAM interface.
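The following is an added example, not FairCom's createclientcert.py, that reproduces what both the interactive ("Easy") walk-through and the command-line ("Advanced") options describe: a client key pair whose Common Name is the username, a validity period given in months, a passphrase that encrypts the private key (or leaves it unsecured when empty), and Subject Alternative Names read in the one-entry-per-line format of --altNameFile. It assumes the Python cryptography package; the function names, the inspect_client_cert check and the throwaway CA that stands in for createcacert.py output are all this example's own.

```python
"""Added example (not FairCom code): build and check a CA-signed client
certificate using the inputs createclientcert.py asks for.
Assumes the 'cryptography' package is installed."""
import calendar
import datetime
import ipaddress

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID


def add_months(when, months):
    """Calendar-correct month arithmetic, clamping to the last valid day."""
    month_index = when.month - 1 + months
    year, month = when.year + month_index // 12, month_index % 12 + 1
    day = min(when.day, calendar.monthrange(year, month)[1])
    return when.replace(year=year, month=month, day=day)


def parse_alt_names(lines):
    """Convert one-entry-per-line text (the --altNameFile format) into SAN
    entries: IP literals become IPAddress, anything else DNSName. Blank
    lines are skipped, as an empty line ends entry in the interactive prompt."""
    entries = []
    for raw in lines:
        item = raw.strip()
        if not item:
            continue
        try:
            entries.append(x509.IPAddress(ipaddress.ip_address(item)))
        except ValueError:
            entries.append(x509.DNSName(item))
    return entries


def make_ca(common_name, bits=2048):
    """Minimal self-signed CA, standing in for the createcacert.py output."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=bits)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(add_months(now, 60))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def make_client_cert(ca_key, ca_cert, username, months, alt_names=(), passphrase="", bits=2048):
    """Create a CA-signed client key pair; returns (key_pem, cert_pem).
    The Common Name is the username the server will see. An empty passphrase
    leaves the key unencrypted (the script's 'ENTER to leave unsecured')."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=bits)
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, username)])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (x509.CertificateBuilder().subject_name(subject).issuer_name(ca_cert.subject)
               .public_key(key.public_key()).serial_number(x509.random_serial_number())
               .not_valid_before(now).not_valid_after(add_months(now, months))
               .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
               # Restrict the certificate to client authentication only.
               .add_extension(x509.ExtendedKeyUsage([ExtendedKeyUsageOID.CLIENT_AUTH]), critical=False))
    san = parse_alt_names(alt_names)
    if san:
        builder = builder.add_extension(x509.SubjectAlternativeName(san), critical=False)
    cert = builder.sign(ca_key, hashes.SHA256())
    # The prompt restricts passphrases to 7-bit ASCII; encode("ascii") enforces that.
    encryption = (serialization.BestAvailableEncryption(passphrase.encode("ascii"))
                  if passphrase else serialization.NoEncryption())
    key_pem = key.private_bytes(serialization.Encoding.PEM,
                                serialization.PrivateFormat.PKCS8, encryption)
    return key_pem, cert.public_bytes(serialization.Encoding.PEM)


def load_client_key(key_pem, passphrase=""):
    """Load a saved key; an encrypted key loaded without its passphrase raises TypeError."""
    return serialization.load_pem_private_key(key_pem, password=passphrase.encode("ascii") or None)


def inspect_client_cert(cert_pem, ca_cert):
    """Defender-side check: verify the CA signature and return the fields a
    server acts on (CN as username, SAN list, client-auth usage, serial)."""
    cert = x509.load_pem_x509_certificate(cert_pem)
    ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                padding.PKCS1v15(), cert.signature_hash_algorithm)
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
        names = san.get_values_for_type(x509.DNSName) + \
            [str(ip) for ip in san.get_values_for_type(x509.IPAddress)]
    except x509.ExtensionNotFound:
        names = []
    eku = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
    return {"common_name": cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value,
            "alt_names": names, "client_auth": ExtendedKeyUsageOID.CLIENT_AUTH in eku,
            "serial": cert.serial_number}


if __name__ == "__main__":
    ca_key, ca_cert = make_ca("MyCompany Private Certificate Authority")
    # Constructed sample input, in the --altNameFile one-entry-per-line format.
    key_pem, cert_pem = make_client_cert(ca_key, ca_cert, "alice", 13,
                                         ["10.0.0.5", "client1.example.test", ""], "s3cret")
    print(inspect_client_cert(cert_pem, ca_cert))
```

The parameters map onto the script's options as follows: the username is --commonName, the validity is --months, the SAN list is --altName or --altNameFile, the passphrase is --passphrase, and the key size is --bits (the script defaults to 4096; 2048 is used here only to keep the example fast). The inspect_client_cert check is the kind of verification worth running on every certificate the script produces before registering it with an application: it confirms the certificate really chains to the CA and shows exactly which Common Name and alternative names a server will trust.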