Allow ExtendedKeyUsageOID and alternative names #95
Comments
|
1 |
|
A fork is available https://github.com/Inqbus/ownca which shows the new functionality. The new functionality is in fact a hack, but it does work. with a given tls_role (have a look at the enum) should produce a cert with this feature. Please give feedback how to proceed from here. Cheers, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Wow I am impressed with the amount of time this takes out of generating my own ca and certificates...Fantastic!
I am wondering about adding extended key usages for this for client auth as well as server certificates?
if type == 'server':
# if server cert specify that the certificate can be used as an SSL
# server certificate
cert_builder = cert_builder.add_extension(
x509.ExtendedKeyUsage((ExtendedKeyUsageOID.SERVER_AUTH,)),
critical=False
)
if hostname and fqdn != hostname:
cert_builder = cert_builder.add_extension(
x509.SubjectAlternativeName([DNSName(hostname), DNSName(fqdn)]),
critical=True
)
else:
cert_builder = cert_builder.add_extension(
x509.SubjectAlternativeName([DNSName(fqdn)]),
critical=True
)
The text was updated successfully, but these errors were encountered: