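def _create_csr(self):
    """Build, sign and write a PEM certificate signing request.

    Reads ``self.version``, ``self.subject``, ``self.subjectAltName``,
    ``self.digest``, ``self.path`` and ``self.name``. The private key is
    loaded from ``<path>/private/<name>.key`` and the CSR is written to
    ``<path>/csr/<name>.csr``.

    Errors from opening either file or from the ``crypto`` calls are not
    caught here and propagate to the caller.
    """
    LOG.info('[%s] Generating CSR' % self.name)
    req = crypto.X509Req()
    LOG.debug('[%s] Attaching Certificate Version to CSR: %s' %
              (self.name, self.version))
    req.set_version(self.version)

    # Copy every configured subject field onto the request; fields left
    # as None are skipped so they do not appear in the subject at all.
    subject = req.get_subject()
    for (key, value) in self.subject.items():
        if value is not None:
            LOG.debug('[%s] Attaching %s to CSR: %s' %
                      (self.name, key, value))
            setattr(subject, key, value)

    LOG.info('[%s] Attaching SAN extention: %s' %
             (self.name, self.subjectAltName))
    # The extension is added as non-critical (second argument False).
    # Two-argument bytes() raises TypeError where bytes is an alias of
    # str, so the fallback passes the native strings instead.
    try:
        req.add_extensions([crypto.X509Extension(
            bytes('subjectAltName', 'utf-8'), False,
            bytes(self.subjectAltName, 'utf-8')
        )])
    except TypeError:
        req.add_extensions([crypto.X509Extension('subjectAltName', False,
                                                 self.subjectAltName)])

    # NOTE(review): self.path and self.name are interpolated into the
    # file paths unchecked; if either can come from outside the
    # application, validate them before this point. TODO confirm.
    key_path = '%s/private/%s.key' % (self.path, self.name)
    csr_path = '%s/csr/%s.csr' % (self.path, self.name)

    LOG.debug('[%s] Loading private key: %s' % (self.name, key_path))
    # Context manager so the key file handle is released even when the
    # read fails; the original left it open until garbage collection.
    with open(key_path) as key_file:
        privatekey_content = key_file.read()
    # NOTE(review): no passphrase is supplied, so this presumably expects
    # an unencrypted PEM key; confirm the key file's permissions restrict
    # it to the owning account.
    privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
                                        privatekey_content)

    LOG.info('[%s] Signing CSR' % self.name)
    # The request carries the public half of the same key that signs it.
    req.set_pubkey(privatekey)
    # NOTE(review): the digest comes from configuration; confirm weak
    # digests such as md5 or sha1 are rejected upstream.
    req.sign(privatekey, self.digest)

    LOG.debug('[%s] Writting CSR: %s' % (self.name, csr_path))
    # Serialise before opening the target so a failed dump does not
    # truncate an existing CSR file.
    csr_pem = crypto.dump_certificate_request(crypto.FILETYPE_PEM,
                                              req).decode('utf-8')
    with open(csr_path, 'w') as csr_file:
        csr_file.write(csr_pem)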