Create self-signed certificate with proper constraints and usages

This commit is contained in:
Disassembler 2020-04-10 19:21:07 +02:00
parent 4989d2f87f
commit 9d90174a1b
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499

View File

@ -27,8 +27,8 @@ def create_selfsigned_cert(domain):
.add_extension(x509.SubjectAlternativeName((x509.DNSName(domain), x509.DNSName(f'*.{domain}'))), critical=False) \
.add_extension(x509.SubjectKeyIdentifier.from_public_key(public_key), critical=False) \
.add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(public_key), critical=False) \
.add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True) \
.add_extension(x509.KeyUsage(digital_signature=True, content_commitment=False, key_encipherment=False, data_encipherment=False, key_agreement=False, key_cert_sign=False, crl_sign=False, encipher_only=False, decipher_only=False), critical=True) \
.add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) \
.add_extension(x509.KeyUsage(digital_signature=True, content_commitment=False, key_encipherment=False, data_encipherment=False, key_agreement=False, key_cert_sign=True, crl_sign=True, encipher_only=False, decipher_only=False), critical=True) \
.add_extension(x509.ExtendedKeyUsage((ExtendedKeyUsageOID.SERVER_AUTH, ExtendedKeyUsageOID.CLIENT_AUTH)), critical=False) \
.sign(private_key, hashes.SHA256(), default_backend())
with open(paths.CERT_PUB_FILE, 'wb') as f: