no start line:crypto/pem/pem_lib.c:745:Expecting: CERTIFICATE REQUEST

Question

Full code below.

    from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
import datetime
encryptedpassword = b"yokedicicaner31" #Kullanıcı inputu al, yokedicicaner31, kopyala yapıştır.
key = rsa.generate_private_key(public_exponent=65537,key_size=2048,backend=default_backend())
with open("rsakey.pem","wb") as f: 
    f.write(key.private_bytes(encoding=serialization.Encoding.PEM,
                              format = serialization.PrivateFormat.TraditionalOpenSSL,
                              encryption_algorithm=serialization.BestAvailableEncryption(encryptedpassword)))

subject = issuer = x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME,u"TR"),
                              x509.NameAttribute(NameOID.LOCALITY_NAME,u"damacaner"),
                              x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"damacana ve erikli su sevenler derneği"),
                              x509.NameAttribute(NameOID.COMMON_NAME, u"damacaner.tr")])
cert = x509.CertificateBuilder().subject_name(subject).issuer_name(issuer).public_key(key.public_key()).serial_number(x509.random_serial_number()).not_valid_before(datetime.datetime.utcnow()).not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=10)
                                                    ).add_extension(x509.SubjectAlternativeName([x509.DNSName(u"localhost")]),critical=False).sign(key, hashes.SHA256(), default_backend())
with open("certificate.pem","wb") as f:
    f.write(cert.public_bytes(serialization.Encoding.PEM))

Full output below.

unable to load X509 request
34359836736:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:
 Expecting: CERTIFICATE REQUEST

I tried to open the certificate file called certificate.pem with "openssl req -text -in certificate.pem" commands but it shooted the error that I wrote at output. This error didnt happen when I built certificate with x509.CertificateSigningRequestBuilder but I get an error when I try to build a self-signed certificate with x509.CertificateBuilder. Thanks for all help.

Answer 1

Check if the first line of your certificate request starts with:

-----BEGIN CERTIFICATE REQUEST-----

Answer 2

It is unclear what you are trying to do here, since you only describe the problems you run into and not what task you are trying to implement at the end. Anyway...

openssl req -text -in certificate.pem

This line expects a certificate request . Your code instead creates a certificate (CertificateBuilder), not a certificate request . The latter would be created with x509.CertificateSigningRequestBuilder, which as expected works with the openssl req command above.

... I get an error when I try to build a self-signed certificate with x509.CertificateBuilder.

It does not look like you get an error when building the self-signed certificate, ie the code to build the certificate works. Instead you get an error when using it with openssl req . This error is expected since you did not provide a certificate request but instead a certificate. For certificates use the x509 openssl command not req :

  openssl x509 -text -in certificate.pem