def create_ca():
    """Generate a self-signed root CA certificate and its RSA private key.

    The subject (and, because the certificate is self-signed, the issuer)
    is built from the module-level ``ca_vendor``. The validity window comes
    from ``ca_time_b`` / ``ca_time_a`` and the signature digest from
    ``ca_digest``; all of these are defined outside this function.

    Returns:
        A ``(private_key, certificate)`` tuple of pyOpenSSL ``PKey`` and
        ``X509`` objects. The key is returned unencrypted; protecting it
        (file permissions, passphrase, storage location) is up to the
        caller. Whoever holds this key can issue certificates that chain
        to this root, so it is as sensitive as the trust it is given.
    """
    ca_key = crypto.PKey()
    ca_key.generate_key(crypto.TYPE_RSA, 2048)

    cert = crypto.X509()
    # The version field is zero-based: 2 selects X.509 v3, which is needed
    # for the extensions added below.
    cert.set_version(2)
    # NOTE(review): RFC 5280 requires a positive serial number; 0 may be
    # rejected by strict validators. Confirm nothing elsewhere relies on
    # the serial being 0 before changing it.
    cert.set_serial_number(0)

    name = cert.get_subject()
    subject_fields = (
        ('countryName', 'CN'),
        ('stateOrProvinceName', 'Internet'),
        ('localityName', 'Cernet'),
        ('organizationName', ca_vendor),
        ('organizationalUnitName', '%s Root' % ca_vendor),
        ('commonName', '%s CA' % ca_vendor),
    )
    for field, value in subject_fields:
        setattr(name, field, value)

    # Validity window: gmtime_adj_* take an offset in seconds from "now".
    cert.gmtime_adj_notBefore(ca_time_b)
    cert.gmtime_adj_notAfter(ca_time_a)

    # Self-signed root: issuer name equals subject name.
    cert.set_issuer(name)
    # The public key must be set before the extensions are built, because
    # subjectKeyIdentifier=hash is derived from the certificate's key.
    cert.set_pubkey(ca_key)

    extensions = [
        # Critical; pathlen:0 means this CA may sign end-entity
        # certificates only, not further intermediate CAs.
        crypto.X509Extension(b'basicConstraints', True, b'CA:TRUE, pathlen:0'),
        # Critical EKU on the CA certificate. Validators that apply the CA's
        # EKU to the chain would limit issued certificates to these purposes.
        crypto.X509Extension(
            b'extendedKeyUsage', True, b'serverAuth,emailProtection,timeStamping'),
        # NOTE(review): keyUsage is marked non-critical here; RFC 5280 says
        # conforming CAs SHOULD mark it critical.
        crypto.X509Extension(b'keyUsage', False, b'keyCertSign, cRLSign'),
        crypto.X509Extension(b'subjectKeyIdentifier', False, b'hash', subject=cert),
    ]
    cert.add_extensions(extensions)

    # NOTE(review): ca_digest is defined elsewhere; verify it names SHA-256
    # or stronger rather than a deprecated digest such as md5 or sha1.
    cert.sign(ca_key, ca_digest)
    return ca_key, cert