完整代碼如下。
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
import datetime
encryptedpassword = b"yokedicicaner31" #Kullan?c? inputu al, yokedicicaner31, kopyala yap??t?r.
key = rsa.generate_private_key(public_exponent=65537,key_size=2048,backend=default_backend())
with open("rsakey.pem","wb") as f:
f.write(key.private_bytes(encoding=serialization.Encoding.PEM,
format = serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.BestAvailableEncryption(encryptedpassword)))
subject = issuer = x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME,u"TR"),
x509.NameAttribute(NameOID.LOCALITY_NAME,u"damacaner"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"damacana ve erikli su sevenler derne?i"),
x509.NameAttribute(NameOID.COMMON_NAME, u"damacaner.tr")])
cert = x509.CertificateBuilder().subject_name(subject).issuer_name(issuer).public_key(key.public_key()).serial_number(x509.random_serial_number()).not_valid_before(datetime.datetime.utcnow()).not_valid_after(datetime.datetime.utcnow() datetime.timedelta(days=10)
).add_extension(x509.SubjectAlternativeName([x509.DNSName(u"localhost")]),critical=False).sign(key, hashes.SHA256(), default_backend())
with open("certificate.pem","wb") as f:
f.write(cert.public_bytes(serialization.Encoding.PEM))
完整輸出如下。
unable to load X509 request
34359836736:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:
Expecting: CERTIFICATE REQUEST
我試圖用“openssl req -text -in certificate.pem”命令打開名為certificate.pem的證書檔案,但它拋出了我在輸出中寫的錯誤。當我使用 x509.CertificateSigningRequestBuilder 構建證書時沒有發生此錯誤,但是當我嘗試使用 x509.CertificateBuilder 構建自簽名證書時出現錯誤。感謝所有幫助。
uj5u.com熱心網友回復:
不清楚您在這里嘗試做什么,因為您只描述了遇到的問題,而不是最后嘗試執行的任務。反正 ...
openssl req -text -in certificate.pem
此行需要證書請求。您的代碼會創建證書 (CertificateBuilder),而不是證書請求。后者將使用 x509.CertificateSigningRequestBuilder 創建,正如預期的那樣與openssl req上面的命令一起使用。
... 當我嘗試使用 x509.CertificateBuilder 構建自簽名證書時出現錯誤。
看起來您在構建自簽名證書時不會出錯,即構建證書的代碼有效。相反,將它與openssl req. 此錯誤是意料之中的,因為您沒有提供證書請求,而是提供了證書。對于證書,請x509不要使用openssl 命令req:
openssl x509 -text -in certificate.pem
uj5u.com熱心網友回復:
檢查您的證書請求的第一行是否以:
-----BEGIN CERTIFICATE REQUEST-----
轉載請註明出處,本文鏈接:https://www.uj5u.com/houduan/400427.html
