Create self-signed certificate with proper constraints and usages
parent
4989d2f87f
commit
9d90174a1b
@ -27,8 +27,8 @@ def create_selfsigned_cert(domain):
|
||||
.add_extension(x509.SubjectAlternativeName((x509.DNSName(domain), x509.DNSName(f'*.{domain}'))), critical=False) \
|
||||
.add_extension(x509.SubjectKeyIdentifier.from_public_key(public_key), critical=False) \
|
||||
.add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(public_key), critical=False) \
|
||||
.add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True) \
|
||||
.add_extension(x509.KeyUsage(digital_signature=True, content_commitment=False, key_encipherment=False, data_encipherment=False, key_agreement=False, key_cert_sign=False, crl_sign=False, encipher_only=False, decipher_only=False), critical=True) \
|
||||
.add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) \
|
||||
.add_extension(x509.KeyUsage(digital_signature=True, content_commitment=False, key_encipherment=False, data_encipherment=False, key_agreement=False, key_cert_sign=True, crl_sign=True, encipher_only=False, decipher_only=False), critical=True) \
|
||||
.add_extension(x509.ExtendedKeyUsage((ExtendedKeyUsageOID.SERVER_AUTH, ExtendedKeyUsageOID.CLIENT_AUTH)), critical=False) \
|
||||
.sign(private_key, hashes.SHA256(), default_backend())
|
||||
with open(paths.CERT_PUB_FILE, 'wb') as f:
|
||||
|
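Review bot: With `ca=True, path_length=None` and `key_cert_sign=True, crl_sign=True`, the key that terminates TLS for `domain` and `*.{domain}` is also an unconstrained CA key; this assumes the second BasicConstraints/KeyUsage pair is the new side, since the page has lost its +/- markers. A client that imports this certificate as a trust anchor would then accept certificates for any name signed with that server key, so a compromise of the key reaches beyond this host. Consider `x509.BasicConstraints(ca=True, path_length=0)` plus a critical `x509.NameConstraints(permitted_subtrees=[x509.DNSName(domain)], excluded_subtrees=None)`, which limits issuance to this domain for verifiers that honour the extension. A short comment above the builder chain saying why the certificate must be a CA would also help. `create_selfsigned_cert` starts above the hunk, so key generation and the validity period are not visible here.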