I'm currently trying to write code to create a certificate. With openssl, the command looks like this:
openssl x509 -req -CAkey key.pem -CA CA.CRT -CAcreateserial -in csr.csr -req -days 365 -out cert.CRT -extfile config.conf -extensions v3_req
I don't know how to set the options -CAkey key.pem, -CA CA.CRT and -CAcreateserial, and edit them into the code below.
For this command
openssl x509 -req -signkey priv.pem -in csr.csr -req -days 365 -out crt.crt -extfile config.conf -extensions v3_req
I use the following function:
from datetime import datetime, timedelta

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.x509.oid import NameOID


def crtGen(path, name, key):
    # Self-signed: subject and issuer are the same name.
    # The values are empty in the post; COUNTRY_NAME must be a two-letter code.
    subject = issuer = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, ""),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, ""),
        x509.NameAttribute(NameOID.COMMON_NAME, ""),
    ])
    cert = x509.CertificateBuilder().subject_name(
        subject
    ).issuer_name(
        issuer
    ).add_extension(
        x509.BasicConstraints(ca=False, path_length=None), critical=False,
    ).add_extension(
        x509.KeyUsage(digital_signature=True,
                      key_encipherment=True,
                      content_commitment=True,
                      data_encipherment=False,
                      key_agreement=False,
                      key_cert_sign=False,
                      crl_sign=False,
                      encipher_only=False,
                      decipher_only=False),
        critical=False,
    ).public_key(
        key.public_key()
    ).serial_number(
        x509.random_serial_number()
    ).not_valid_before(
        datetime.utcnow()
    ).not_valid_after(
        datetime.utcnow() + timedelta(days=365)
    ).sign(key, hashes.SHA256())  # signed with its own key (-signkey)
    # Write the certificate as PEM
    with open(f"{path}{name}.crt", "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))
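If you want to generate a self-signed openssl certificate, you can do so by calling the command with the subprocess module.
Example (adjust the settings to your liking):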
import subprocess


def generate_self_signed_certificate(cert_path, key_path):
    openssl_cmd = [
        'openssl', 'req', '-x509', '-newkey', 'rsa:4096',
        '-keyout', key_path, '-out', cert_path, '-days', '365'
    ]
    try:
        subprocess.run(openssl_cmd, check=True)
        print(f"Certificate generated successfully: {cert_path} and {key_path}")
    except subprocess.CalledProcessError as e:
        print(f"Error generating certificate: {e}")


if __name__ == "__main__":
    cert_path = "path/to/your/certificate.crt"
    key_path = "path/to/your/private_key.key"
    generate_self_signed_certificate(cert_path, key_path)
This is a cleaner and simpler way to do what you are trying to do.