{ "cells": [ { "cell_type": "markdown", "id": "31b12fb8", "metadata": {}, "source": [ "# Create an X.509 certificate\n", "\n", "- This is a Jupyter Notebook that uses Python 3.7 and the OpenSSL command line tool to create a self-signed X.509 certificate for authenticating the signer.\n", "\n", "- This will generate RSA256 public and private keys for signing.\n", "\n", "- Typically you will DO THIS ONLY ONCE and reuse the certificate.\n", "\n", "*Although self-signed certificates are used for the purpose of these examples, they are not recommended for production systems.*" ] },
{ "cell_type": "markdown", "id": "860eeaf4", "metadata": {}, "source": [ "### Step 1: Pre-configure the self-signed cert with a configuration file\n", "\n", "The following Bash command writes a multiline string to a new file.\n", "\n", "Instructions:\n", "1. Update the output directory\n", "2. Update the configuration manually with your values. See the [OpenSSL](https://www.openssl.org/) library for details\n", "\n", "Modern standards (e.g., RFC 2818 for HTTPS) prioritize SAN (`[alt_names]`) over CN (commonName) for identity verification, as SAN supports multiple identifiers and is less ambiguous.\n", "\n", "\n", "- DNS or dNSName (DNS Name), which represents a fully qualified domain name (FQDN)\n", "  - e.g., `DNS.1=www.example.org`\n", "- otherName (Tag [0], OtherName) for NPI or Tax ID (most public CAs (e.g., DigiCert, Entrust) may not support custom otherName :-()\n", "\n", "  - define an OID\n", "  - NPI value as a string\n", "  - otherName.1: Specifies the NPI with the format OID;TYPE:VALUE.\n", "    - e.g.: `otherName.1 = 2.16.840.1.113883.4.6;UTF8:1234567890`\n", "- URI or uniformResourceIdentifier (Tag [6], IA5String): for a FHIR resource\n", "  - e.g., `URI.1 = https://example.org/fhir/Practitioner/123`\n" ] },
{ "cell_type": "code", "execution_count": 2, "id": "be0a5348", "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "DIR_PATH=\"example_org_cert\" #update directory with your value\n" ] } ], "source": [ "%%bash\n", "# Define a directory variable\n", "cat << 'EOF' | tee /tmp/vars.sh #bash commands do not edit\n", "DIR_PATH=\"example_org_cert\" #update directory with your value\n", "EOF" ] },
{ "cell_type": "code", "execution_count": 3, "id": "91599db9", "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "# ===========Configuration for healthcare certificate with NPI and FHIR endpoint ===========\n", "# =================== update configuration manually with your values =======================\n", "[req]\n", "default_bit = 4096\n", "distinguished_name = req_distinguished_name\n", "prompt = no\n", "x509_extensions = v3_ca\n", "\n", "# Subject details\n", "[req_distinguished_name]\n", "countryName = US\n", "stateOrProvinceName = Massachusetts\n", "localityName = Boston\n", "organizationName = Example Organization\n", "commonName = CDEX Example Organization\n", "emailAddress = customer-service@example.org\n", "\n", "[v3_ca]\n", "basicConstraints = CA:FALSE\n", "keyUsage=nonRepudiation, digitalSignature, keyEncipherment\n", "# 1.2.840.113549.1.9.16.2.47 = ASN1:SEQUENCE:commitment_type # custom extensio\n", "\n", "# SAN extension\n", "subjectAltName = @alt_names\n", "\n", "# SAN entries for FHIR and NPI\n", "[alt_names]\n", "DNS.1 = www.example.org\n", "otherName.1 = 2.16.840.1.113883.4.6;UTF8:1234567893\n", "URI.1 = https://example.org/fhir/Organization/123\n", "\n", "# Optional custom extension for the commitment type:\n", "# The FHIR Signature SHALL include a \"srCms signer commitments\" element for 
the Purpose(s) of Signature. \n", "# [commitment_type]\n", "# commitmentTypeId = OID:1.2.840.10065.1.12.1.5\n", "# commitmentTypeQualifier = UTF8:Verification of medical record integrity\n", "# EOF\n", "# don't edit the previous line\n" ] } ], "source": [ "%%bash\n", "# =================== bash commands do not edit =======================\n", "# Source the script to load the variable\n", "source /tmp/vars.sh\n", "# Create the directory if it doesn't exist\n", "mkdir -p \"$DIR_PATH\" # -p ensures no error if directory already exists\n", "\n", "# Use a here-document to write the configuration file in the specified directory\n", "cat << EOF | tee \"$DIR_PATH/cert.config\" # Write to cert.config in the directory\n", "# ===========Configuration for healthcare certificate with NPI and FHIR endpoint ===========\n", "# =================== update configuration manually with your values =======================\n", "[req]\n", "# default_bits applies only when openssl req generates the key itself; Step 2 passes an existing key with -key\n", "default_bits = 4096\n", "distinguished_name = req_distinguished_name\n", "prompt = no\n", "x509_extensions = v3_ca\n", "\n", "# Subject details\n", "[req_distinguished_name]\n", "countryName = US\n", "stateOrProvinceName = Massachusetts\n", "localityName = Boston\n", "organizationName = Example Organization\n", "commonName = CDEX Example Organization\n", "emailAddress = customer-service@example.org\n", "\n", "[v3_ca]\n", "basicConstraints = CA:FALSE\n", "keyUsage=nonRepudiation, digitalSignature, keyEncipherment\n", "# 1.2.840.113549.1.9.16.2.47 = ASN1:SEQUENCE:commitment_type # custom extension\n", "\n", "# SAN extension\n", "subjectAltName = @alt_names\n", "\n", "# SAN entries for FHIR and NPI\n", "[alt_names]\n", "DNS.1 = www.example.org\n", "otherName.1 = 2.16.840.1.113883.4.6;UTF8:1234567893\n", "URI.1 = https://example.org/fhir/Organization/123\n", "\n", "# Optional custom extension for the commitment type:\n", "# The FHIR Signature SHALL include a \"srCms signer commitments\" element for the Purpose(s) of Signature. 
\n", "# [commitment_type]\n", "# commitmentTypeId = OID:1.2.840.10065.1.12.1.5\n", "# commitmentTypeQualifier = UTF8:Verification of medical record integrity\n", "EOF\n", "# don't edit the previous line" ] },
{ "cell_type": "markdown", "id": "7b0ad774", "metadata": {}, "source": [ "### Step 2: Generate the public and private keys and cert using the OpenSSL command line tool.\n", "\n", "- Saved in the $DIR_PATH folder\n", "- For the purpose of this example, the keys are displayed (normally you would never share the private key)\n" ] },
{ "cell_type": "code", "execution_count": 18, "id": "97aa33b9", "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "********* normally you would never share this! ***********\n", "********* you only share this! ***********\n" ] }, { "name": "stderr", "output_type": "stream", "text": [ "writing RSA key\n" ] } ], "source": [ "%%bash\n", "# Source the script to load the variable\n", "source /tmp/vars.sh\n", "# Generate the 3072-bit RSA private key\n", "openssl genrsa -out \"$DIR_PATH/private-key.pem\" 3072\n", "# Derive the public key from the private key\n", "openssl rsa -in \"$DIR_PATH/private-key.pem\" -pubout -out \"$DIR_PATH/public-key.pem\"\n", "# Create the self-signed certificate (DER) from the key and the Step 1 configuration\n", "openssl req -new -x509 -key \"$DIR_PATH/private-key.pem\" -outform DER -out \"$DIR_PATH/cert.der\" -days 720 -config \"$DIR_PATH/cert.config\"\n", "echo \"********* normally you would never share this! ***********\"\n", "cat \"$DIR_PATH/private-key.pem\"\n", "echo \"********* you only share this! 
***********\"\n", "cat \"$DIR_PATH/public-key.pem\"\n" ] },
{ "cell_type": "markdown", "id": "60db4a70", "metadata": {}, "source": [ "#### Show the Certificate in DER Format " ] },
{ "cell_type": "code", "execution_count": 19, "id": "d84aa883", "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Certificate:\n", " Data:\n", " Version: 3 (0x2)\n", " Serial Number:\n", " 06:7e:37:17:83:b5:d7:4c:d5:34:73:d4:b4:19:e7:5d:fd:f7:15:0c\n", " Signature Algorithm: sha256WithRSAEncryption\n", " Issuer: C=US, ST=California, L=Sausalito, O=Example Organization, CN=John Hancock, MD, emailAddress=jhancock@example.org\n", " Validity\n", " Not Before: Jun 25 23:12:39 2025 GMT\n", " Not After : Jun 15 23:12:39 2027 GMT\n", " Subject: C=US, ST=California, L=Sausalito, O=Example Organization, CN=John Hancock, MD, emailAddress=jhancock@example.org\n", " Subject Public Key Info:\n", " Public Key Algorithm: rsaEncryption\n", " Public-Key: (3072 bit)\n", " Exponent: 65537 (0x10001)\n", " X509v3 extensions:\n", " X509v3 Basic Constraints: \n", " CA:FALSE\n", " X509v3 Key Usage: \n", " Digital Signature, Non Repudiation, Key Encipherment\n", " X509v3 Subject Alternative Name: \n", " DNS:www.example.org, othername: 2.16.840.1.113883.4.6:9941339100, URI:https://example.org/fhir/Practitioner/123\n", " X509v3 Subject Key Identifier: \n", " BF:BE:3E:5C:04:70:44:45:76:54:81:13:92:8D:5F:1E:4E:3F:2E:EB\n", " Signature Algorithm: sha256WithRSAEncryption\n" ] } ], "source": [ "%%bash\n", "# Source the script to load the variable\n", "source /tmp/vars.sh\n", "openssl x509 -in \"$DIR_PATH/cert.der\" -inform DER -text\n" ] },
{ "cell_type": "markdown", "id": "6521ee15", "metadata": {}, "source": [ "##### Show the Certificate in PEM format" ] },
{ "cell_type": "code", "execution_count": 20, "id": "bcc57f5f", "metadata": {}, "outputs": [], "source": [ "%%bash\n", "# Source the script to load the variable\n", "source /tmp/vars.sh\n", "openssl x509 -in \"$DIR_PATH/cert.der\" -inform DER -outform PEM -out \"$DIR_PATH/cert.pem\"\n", "cat \"$DIR_PATH/cert.pem\"" ] } ], "metadata": { "kernelspec": { "display_name": "fhir_builds", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.7.12" } }, "nbformat": 4, "nbformat_minor": 5 }