Creating a self-signed certificate using CA.crt

Question  Votes: 0  Answers: 1

I am currently trying to write code that creates a certificate. In openssl it is done with something like

openssl x509 -req -CAkey key.pem -CA CA.CRT -CAcreateserial -in csr.csr -req -days 365 -out cert.CRT -extfile config.conf -extensions v3_req
I don't know how to set these options
-CAkey key.pem
-CA CA.CRT
-CAcreateserial
and make that change in the code below.

For this command

openssl x509 -req -signkey priv.pem -in csr.csr -req -days 365 -out crt.crt -extfile config.conf -extensions v3_req
I use the following function:

from datetime import datetime, timedelta

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.x509.oid import NameOID


def crtGen(path, name, key):
    # Self-signed: subject and issuer are the same name (values left blank in the post)
    subject = issuer = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, ""),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, ""),
        x509.NameAttribute(NameOID.COMMON_NAME, ""),
    ])
    cert = x509.CertificateBuilder().subject_name(
        subject
    ).issuer_name(
        issuer
    ).add_extension(
        x509.BasicConstraints(ca=False, path_length=None), critical=False,
    ).add_extension(
        x509.KeyUsage(digital_signature=True,
                      key_encipherment=True,
                      content_commitment=True,
                      data_encipherment=False,
                      key_agreement=False,
                      key_cert_sign=False,
                      crl_sign=False,
                      encipher_only=False,
                      decipher_only=False),
        critical=False,
    ).public_key(
        key.public_key()
    ).serial_number(
        x509.random_serial_number()
    ).not_valid_before(
        datetime.utcnow()
    ).not_valid_after(
        datetime.utcnow() + timedelta(days=365)
    ).sign(key, hashes.SHA256())  # signed with the certificate's own key (-signkey)
    # Write the certificate as PEM
    with open(f"{path}{name}.crt", "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))
python openssl cryptography x509certificate x509
1 Answer
0
votes

If you want to generate a self-signed openssl certificate, you can do it by calling the command with the subprocess module.

Example (adjust the settings to your liking)

import subprocess

def generate_self_signed_certificate(cert_path, key_path):
    openssl_cmd = [
        'openssl', 'req', '-x509', '-newkey', 'rsa:4096',
        '-keyout', key_path, '-out', cert_path, '-days', '365'
    ]

    try:
        subprocess.run(openssl_cmd, check=True)
        print(f"Certificate generated successfully: {cert_path} and {key_path}")
    except subprocess.CalledProcessError as e:
        print(f"Error generating certificate: {e}")

if __name__ == "__main__":
    cert_path = "path/to/your/certificate.crt"
    key_path = "path/to/your/private_key.key"
    
    generate_self_signed_certificate(cert_path, key_path)

This is a cleaner and simpler way to do what you want to do.
