tyler.durden/PyKMIP
1
0
Fork 0
mirror of https://github.com/OpenKMIP/PyKMIP.git synced 2025-07-23 14:04:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add a Subject Alternative Name to the example server cert.

Browse Source 
This is often required for hostname verification.
This commit is contained in:
arp102 2022-02-17 11:36:42 -05:00
parent b38b805bf0
commit 69b127c24d
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
bin/create_certificates.py
View File

@ -47,7 +47,8 @@ def create_certificate(subject_name,
signing_certificate, signing_certificate,
signing_key, signing_key,
days_valid=365, days_valid=365,
client_auth=False): client_auth=False,
hostname=None):
subject = x509.Name([ subject = x509.Name([
x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"Test, Inc."), x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"Test, Inc."),
x509.NameAttribute(x509.NameOID.COMMON_NAME, subject_name) x509.NameAttribute(x509.NameOID.COMMON_NAME, subject_name)
@ -72,6 +73,12 @@ def create_certificate(subject_name,
critical=True critical=True
) )
if hostname:
builder = builder.add_extension(
x509.SubjectAlternativeName([x509.DNSName(hostname)]),
critical=False,
)
certificate = builder.sign( certificate = builder.sign(
signing_key, signing_key,
hashes.SHA256(), hashes.SHA256(),
@ -92,7 +99,8 @@ def main():
u"Server Certificate", u"Server Certificate",
server_key, server_key,
root_certificate, root_certificate,
root_key root_key,
hostname=u"localhost"
) )
john_doe_client_key = create_rsa_private_key() john_doe_client_key = create_rsa_private_key()