如何使用Python将“主题目录属性”添加到证书?

时间:2016-12-06 15:02:46

标签: pyopenssl

我尝试了crypto.X509Extension('subjectDirAttrs', ...),但Python给出的错误类似于“未知扩展名”。

任何人都可以提供解决方案吗?提前谢谢!

#! /usr/bin/env python

from OpenSSL import crypto

newSubject=crypto.X509Name(crypto.X509().get_subject())

newSubject.C='US'
newSubject.ST='California'
newSubject.O='University of California, Davis'
newSubject.OU='Computer Science, UCDavis'
newSubject.CN='www.cs.ucdavis.edu'

newCert=crypto.X509()
newCert.set_version(2)
newCert.set_serial_number(2016120711)
newCert.set_notBefore('20161207125959Z')
newCert.set_notAfter('20171207125959Z')
newCert.set_issuer(newSubject)
newCert.set_subject(newSubject)

pkObject=crypto.PKey()
pkObject.generate_key(crypto.TYPE_RSA,2048) 

newCert.set_pubkey(pkObject)

newExt=crypto.X509Extension('basicConstraints', True, 'CA:true')
newCert.add_extensions([newExt])

newExt=crypto.X509Extension('subjectDirAttrs', True, 'something')
newCert.add_extensions([newExt])


newCert.sign(pkObject,'sha256')
with open('ask_stackoverflow.pem','w') as f:
    f.write(crypto.dump_certificate(crypto.FILETYPE_PEM,newCert))

我尝试了'subjectDirectoryAttributes'和'subjectDirAttrs',但它们都不能正常工作。

0 个答案:

没有答案