-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow ExtendedKeyUsageOID and alternative names #95
Comments
1 |
A fork is available https://github.com/Inqbus/ownca which shows the new functionality. The new functionality is in fact a hack, but it does work.
with a given tls_role (have a look at the enum) should produce a cert with this feature. Please give feedback how to proceed from here. Cheers, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Wow I am impressed with the amount of time this takes out of generating my own ca and certificates...Fantastic!
I am wondering about adding extended key usages for this for client auth as well as server certificates?
if type == 'server':
# if server cert specify that the certificate can be used as an SSL
# server certificate
cert_builder = cert_builder.add_extension(
x509.ExtendedKeyUsage((ExtendedKeyUsageOID.SERVER_AUTH,)),
critical=False
)
if hostname and fqdn != hostname:
cert_builder = cert_builder.add_extension(
x509.SubjectAlternativeName([DNSName(hostname), DNSName(fqdn)]),
critical=True
)
else:
cert_builder = cert_builder.add_extension(
x509.SubjectAlternativeName([DNSName(fqdn)]),
critical=True
)
The text was updated successfully, but these errors were encountered: