Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Copy a certificate using cryptography
# -*- coding: utf-8 -*-
A script that takes a path to a given cert and key and rebuilds them in new
import sys
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
def build_matching_cert(cert, private_key):
builder = x509.CertificateBuilder()
builder = builder.subject_name(cert.subject)
builder = builder.issuer_name(cert.issuer)
builder = builder.not_valid_before(cert.not_valid_before)
builder = builder.not_valid_after(cert.not_valid_after)
builder = builder.serial_number(cert.serial_number)
builder = builder.public_key(cert.public_key())
# Copy over all the extensions
for extension in cert.extensions:
builder = builder.add_extension(extension.value, extension.critical)
# Now we need to sign the cert. We want to use the same algorithm as
# before.
new_cert = builder.sign(
return new_cert
def main():
cert_name = sys.argv[1]
key_name = sys.argv[2]
with open(cert_name, 'rb') as f:
cert = x509.load_pem_x509_certificate(, default_backend())
with open(key_name, 'rb') as f:
key = serialization.load_pem_private_key(, None, default_backend()
# Ok, so we want to create a new cert from the old one. We use a
# cert_builder for this.
new_cert = build_matching_cert(cert, key)
with open(cert_name + '.new', 'wb') as f:
if __name__ == '__main__':
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.