没有起始行:crypto/pem/pem_lib.c:745:期望:证书请求
[英]no start line:crypto/pem/pem_lib.c:745:Expecting: CERTIFICATE REQUEST
问题描述
Full code below.
完整代码如下。
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
import datetime
encryptedpassword = b"yokedicicaner31" #Kullanıcı inputu al, yokedicicaner31, kopyala yapıştır.
key = rsa.generate_private_key(public_exponent=65537,key_size=2048,backend=default_backend())
with open("rsakey.pem","wb") as f:
f.write(key.private_bytes(encoding=serialization.Encoding.PEM,
format = serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.BestAvailableEncryption(encryptedpassword)))
subject = issuer = x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME,u"TR"),
x509.NameAttribute(NameOID.LOCALITY_NAME,u"damacaner"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"damacana ve erikli su sevenler derneği"),
x509.NameAttribute(NameOID.COMMON_NAME, u"damacaner.tr")])
cert = x509.CertificateBuilder().subject_name(subject).issuer_name(issuer).public_key(key.public_key()).serial_number(x509.random_serial_number()).not_valid_before(datetime.datetime.utcnow()).not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=10)
).add_extension(x509.SubjectAlternativeName([x509.DNSName(u"localhost")]),critical=False).sign(key, hashes.SHA256(), default_backend())
with open("certificate.pem","wb") as f:
f.write(cert.public_bytes(serialization.Encoding.PEM))
Full output below.完整的 output 下面。
unable to load X509 request
34359836736:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:
Expecting: CERTIFICATE REQUEST
I tried to open the certificate file called certificate.pem with "openssl req -text -in certificate.pem" commands but it shooted the error that I wrote at output.我尝试使用“openssl req -text -in certificate.pem”命令打开名为 certificate.pem 的证书文件,但它触发了我在 output 中编写的错误。 This error didnt happen when I built certificate with x509.CertificateSigningRequestBuilder but I get an error when I try to build a self-signed certificate with x509.CertificateBuilder.当我使用 x509.CertificateSigningRequestBuilder 构建证书时没有发生此错误,但是当我尝试使用 x509.CertificateBuilder 构建自签名证书时出现错误。 Thanks for all help.感谢所有帮助。
2 个解决方案
解决方案1
0 2021-12-30 21:36:46
Check if the first line of your certificate request starts with:检查您的证书请求的第一行是否以:
-----BEGIN CERTIFICATE REQUEST-----
解决方案2
0 2021-12-30 21:59:01
It is unclear what you are trying to do here, since you only describe the problems you run into and not what task you are trying to implement at the end.目前尚不清楚您要在这里做什么,因为您只描述了您遇到的问题,而不是您最终要执行的任务。 Anyway...反正...
openssl req -text -in certificate.pem
This line expects a certificate request .此行需要一个证书请求。 Your code instead creates a certificate (CertificateBuilder), not a certificate request .您的代码改为创建证书 (CertificateBuilder),而不是证书请求。 The latter would be created with x509.CertificateSigningRequestBuilder, which as expected works with the openssl req command above.后者将使用 x509.CertificateSigningRequestBuilder 创建,正如预期的那样,它可以与上面的openssl req命令一起使用。
... I get an error when I try to build a self-signed certificate with x509.CertificateBuilder.
It does not look like you get an error when building the self-signed certificate, ie the code to build the certificate works.在构建自签名证书时,您似乎没有遇到错误,即构建证书的代码有效。 Instead you get an error when using it with openssl req .相反,将它与openssl req一起使用时会出现错误。 This error is expected since you did not provide a certificate request but instead a certificate.此错误是预期的,因为您没有提供证书请求,而是提供了证书。 For certificates use the x509 openssl command not req :对于证书,请使用x509 openssl 命令而不是req :
openssl x509 -text -in certificate.pem
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.