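def create_subcert(certfile, commonname, ip=False, sans=None):
    """Issue a leaf certificate for *commonname* and write it to *certfile* as PEM.

    The certificate is issued under the module-level ``ca_subject``, signed
    with ``ca_privatekey`` / ``ca_digest`` and carries the module-level
    ``sub_publickey``, so every certificate produced here shares one key pair.

    Args:
        certfile: Path of the PEM file to create or overwrite.
        commonname: Host name (or IP literal when *ip* is true) used for the
            subject CN and O fields and added to subjectAltName.
        ip: When true, no ``*.commonname`` wildcard entry is added.
        sans: Optional iterable of extra subjectAltName values.
    """
    # Function-scope import: the file's import block is not visible from here.
    from os import urandom

    names = set(sans) if sans else set()
    cert = crypto.X509()
    cert.set_version(2)  # value 2 encodes X.509 v3, which extensions require
    # A serial number must be unique per issuer. The previous clock-derived
    # value allowed only 100 distinct serials per second and used the
    # non-cryptographic `random` module, so certificates issued close together
    # could share a serial; some TLS clients reject a reused issuer/serial
    # pair. Take 159 bits from the OS CSPRNG instead: the shift keeps the
    # value positive and within the 20-octet limit for serial numbers.
    cert.set_serial_number(int.from_bytes(urandom(20), 'big') >> 1)
    subject = cert.get_subject()
    subject.countryName = 'CN'
    subject.stateOrProvinceName = 'Internet'
    subject.localityName = 'Cernet'
    subject.organizationalUnitName = '%s Branch' % ca_vendor
    subject.commonName = commonname
    subject.organizationName = commonname
    # Validity window: offsets relative to the current time, taken from the
    # module-level sub_time_b / sub_time_a settings.
    cert.gmtime_adj_notBefore(sub_time_b)
    cert.gmtime_adj_notAfter(sub_time_a)
    cert.set_issuer(ca_subject)
    cert.set_pubkey(sub_publickey)
    names.add(commonname)
    if not ip:
        names.add('*.' + commonname)
    # NOTE(review): IP literals are emitted as DNS-type entries as well;
    # clients that only match iPAddress SAN entries will not accept them.
    # Confirm whether an 'IP:' entry should be added for the ip=True case.
    # Sorted so the extension contents do not depend on set iteration order.
    san_value = ', '.join('DNS: %s' % name for name in sorted(names))
    # Second argument True marks the subjectAltName extension as critical.
    cert.add_extensions([crypto.X509Extension(b'subjectAltName', True, san_value.encode())])
    cert.sign(ca_privatekey, ca_digest)
    with open(certfile, 'wb') as fp:
        fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))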