ssl

Certiffy

~ aardvark ~ Leave a comment
Photo by Wolfgang Hasselmann on Unsplash

Basically I have accumulated together a lot of the ideas described so far on aardvark.

The program uses Python, Flask, jinga2, bootstrap5, plotly, pandas and runs with apache and gunicorn.

I’m pretty new to all this so am using it in this basic manner. There are two logins, guest and admin.

from flask  import session
from flask_session import Session
app.config["SESSION_PERMANENT"] = False
app.config["SESSION_TYPE"] = "filesystem"
Session(app)
try:
        session['user']
        if not session.get('logged_in') or session['user'] != 'admin':

The section for the login form:

@app.route('/login', methods=['POST'])
def do_admin_login():
  global config_data
  if request.form['password'] == config_data['ADMINPW']  and request.form['username'] == 'admin':
    session['logged_in'] = True
    session['user'] = "admin"
  elif request.form['password'] == 'guest' and request.form['username'] == 'guest':
    session['logged_in'] = True
    session['user'] = "guest"
  else:
    flash('wrong password!')
    #return home()
    return render_template('login.html')
  params= {     'url': 'example.com',
                'adminoutputFormat': 'html'}
  return mainpage(params)

The main page lets you add new URL’s to manage the certificate expiry/renewal process.

The grading uses the free ssllabs.com api.

The “generate csr and key” page examines the current certificate and offers a replacement and key. It’s an API so you can use curl to bring the key and csr to a machine.

Then below this page is the principal information behind the website, the about to expire certificates.

The below that just more of the same but fancier:

Then a view of the whole scope over the year

The graded page is an overview of the externally facing sites:

With a scrolling table below that for you to find the errant certificates (not shown).

The website is using fairly minimal bootstrap5 to display nicely with lowest effort in coding.

The program is written as an API so you can read/generate with curl, and add/update with an api token.

The data is still in a json file. I suppose is this became vital I should put it in a database but its all a lot of effort and most of us sysadmins prefer our flat files anyway.