[英]passing a list to x509.SubjectAlternativeName from cryptography
Trying to solve how to pass a list of san names to x509.SubjectAlternativeName if looking at the dokumentation at https://cryptography.io/en/latest/x509/tutorial/#determining-certificate-or-certificate-signing-request-key-type Example bellow from page, how can i paste a list instead?如果查看https://cryptography.io/en/latest/x509/tutorial/#determining-certificate-or-certificate-signing-request- 的文档,试图解决如何将 san 名称列表传递给 x509.SubjectAlternativeName页面下方的键类型示例,我如何粘贴列表?
What i want as final result is to pass CN with some SAN name to a function and then create csr我想要的最终结果是将带有一些 SAN 名称的 CN 传递给 function 然后创建 csr
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
# Generate a CSR
csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
# Provide various details about who we are.
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"California"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"My Company"),
x509.NameAttribute(NameOID.COMMON_NAME, u"mysite.com"),
])).add_extension(
x509.SubjectAlternativeName([
# Describe what sites we want this certificate for.
x509.DNSName(u"mysite.com"),
x509.DNSName(u"www.mysite.com"),
x509.DNSName(u"subdomain.mysite.com"),
]),
critical=False,
# Sign the CSR with our private key.
).sign(key, hashes.SHA256())
# Write our CSR out to disk.
with open("path/to/csr.pem", "wb") as f:
f.write(csr.public_bytes(serialization.Encoding.PEM))
I have tried the following but iam doing something wrong.我尝试了以下方法,但我做错了。
# Generate a CSR with SAN if needed
number_of_san = len(common_name)
print(number_of_san)
san_names = []
if number_of_san >= 1:
print("We have som SAN names")
for san_name in common_name:
print('x509.DNSName(u"{}")'.format(san_name))
san_names.append('x509.DNSName(u"{}")'.format(san_name))
else:
print("No SAN, only CN")
print(san_names)
print(type(san_names))
csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
# Provide various details about who we are.
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"California"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"My Company"),
x509.NameAttribute(NameOID.COMMON_NAME, u"mysite.com"),
])).add_extension(
x509.SubjectAlternativeName(
san_names
),
critical=False,
# Sign the CSR with our private key.
).sign(key, hashes.SHA256())
# Write our CSR out to disk.
with open(common_name + ".csr", "wb") as f:
f.write(csr.public_bytes(serialization.Encoding.PEM))
if we look what is in the list off san_names如果我们查看 san_names 列表中的内容
x509.DNSName(u"teknik.something.se")
x509.DNSName(u"moln.something.se")
Did solve the problem.确实解决了问题。 Instead of append my own text i could just use the following code.我可以使用以下代码代替 append 我自己的文本。
for san_name in common_name:
san_names.append(x509.DNSName(san_name))
if only i had checked what python3 do with the class in python cli.如果我检查过 python3 在 python cli 中对 class 做了什么就好了。
from cryptography import x509
x509.DNSName(u"mysite.com")
Response:回复:
DNSName(value='mysite.com')
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.