如何解决使用SAN创建CSR的Python函数
我发现了在此线程上创建CSR的函数:Generating a CSR in Python
但是,它没有提及如何将SAN(SubjectAltName)添加到CSR,这对于浏览器考虑使用此CSR生成的证书是安全的非常重要。
然后我在此线程中找到了一个单独的功能,用于将SAN添加到CSR: Is it possible to set subjectAltName using pyOpenSSL?
问题是无论出于何种原因我都无法将两者结合起来。每当我添加它时,Microsoft Active Directory证书服务似乎都不喜欢它,并给我这个错误: Certificate Services Error Message
我在做什么错?谢谢您提前提供的所有帮助
这是我的代码寻找参考的方式:
def create_csr(common_name,country=None,state=None,city=None,organization=None,organizational_unit=None,email_address=None):
"""
Args:
common_name (str).
country (str).
state (str).
city (str).
organization (str).
organizational_unit (str).
email_address (str).
Returns:
(str,str). Tuple containing private key and certificate
signing request (PEM).
"""
key = OpenSSL.crypto.PKey()
key.generate_key(OpenSSL.crypto.TYPE_RSA,2048)
req = OpenSSL.crypto.X509Req()
req.get_subject().CN = common_name
if country:
req.get_subject().C = country
if state:
req.get_subject().ST = state
if city:
req.get_subject().L = city
if organization:
req.get_subject().O = organization
if organizational_unit:
req.get_subject().OU = organizational_unit
if email_address:
req.get_subject().emailAddress = email_address
req.set_pubkey(key)
req.sign(key,'sha256')
san_list = ["IP:" + common_name,"DNS:" + common_name]
req.add_extensions([
OpenSSL.crypto.X509Extension(
"subjectAltName".encode("utf-8"),False,(",".join(san_list)).encode("utf-8")
)
])
private_key = OpenSSL.crypto.dump_privatekey(
OpenSSL.crypto.FILETYPE_PEM,key)
csr = OpenSSL.crypto.dump_certificate_request(
OpenSSL.crypto.FILETYPE_PEM,req)
return private_key,csr
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
