首页
学习
活动
专区
工具
TVP
发布
社区首页 >问答首页 >在Python语言中创建自签名X509证书

在Python语言中创建自签名X509证书
EN

Stack Overflow用户
提问于 2014-11-26 12:29:31
回答 3查看 28.4K关注 0票数 25

我跟随this url创建了一个X509证书。代码是:

代码语言:javascript
复制
from OpenSSL import crypto, SSL
from socket import gethostname
from pprint import pprint
from time import gmtime, mktime

CERT_FILE = "selfsigned.crt"
KEY_FILE = "private.key"

def create_self_signed_cert():

    # create a key pair
    k = crypto.PKey()
    k.generate_key(crypto.TYPE_<wbr>RSA, 1024)

    # create a self-signed cert
    cert = crypto.X509()
    cert.get_subject().C = "UK"
    cert.get_subject().ST = "London"
    cert.get_subject().L = "London"
    cert.get_subject().O = "Dummy Company Ltd"
    cert.get_subject().OU = "Dummy Company Ltd"
    cert.get_subject().CN = gethostname()
    cert.set_serial_number(1000)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(10*<wbr>365*24*60*60)
    cert.set_issuer(cert.get_<wbr>subject())
    cert.set_pubkey(k)
    cert.sign(k, 'sha1')

    open(CERT_FILE, "wt").write(
        crypto.dump_certificate(<wbr>crypto.FILETYPE_PEM, cert))
    open(KEY_FILE, "wt").write(
        crypto.dump_privatekey(crypto.<wbr>FILETYPE_PEM, k))

create_self_signed_cert()

但是当我运行它的时候,代码出了问题。谁能告诉我<wbr>是什么意思?cert.gmtime_adj_notAfter(10*<wbr>365*24*60*60)中有一个SyntaxError。谢谢。

EN

回答 3

Stack Overflow用户

发布于 2020-03-23 03:42:10

适用于python3的版本

代码语言:javascript
复制
from OpenSSL import crypto, SSL

def cert_gen(
    emailAddress="emailAddress",
    commonName="commonName",
    countryName="NT",
    localityName="localityName",
    stateOrProvinceName="stateOrProvinceName",
    organizationName="organizationName",
    organizationUnitName="organizationUnitName",
    serialNumber=0,
    validityStartInSeconds=0,
    validityEndInSeconds=10*365*24*60*60,
    KEY_FILE = "private.key",
    CERT_FILE="selfsigned.crt"):
    #can look at generated file using openssl:
    #openssl x509 -inform pem -in selfsigned.crt -noout -text
    # create a key pair
    k = crypto.PKey()
    k.generate_key(crypto.TYPE_RSA, 4096)
    # create a self-signed cert
    cert = crypto.X509()
    cert.get_subject().C = countryName
    cert.get_subject().ST = stateOrProvinceName
    cert.get_subject().L = localityName
    cert.get_subject().O = organizationName
    cert.get_subject().OU = organizationUnitName
    cert.get_subject().CN = commonName
    cert.get_subject().emailAddress = emailAddress
    cert.set_serial_number(serialNumber)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(validityEndInSeconds)
    cert.set_issuer(cert.get_subject())
    cert.set_pubkey(k)
    cert.sign(k, 'sha512')
    with open(CERT_FILE, "wt") as f:
        f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode("utf-8"))
    with open(KEY_FILE, "wt") as f:
        f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode("utf-8"))

cert_gen()
票数 15
EN

Stack Overflow用户

发布于 2014-11-26 12:39:59

只需删除<wbr>即可。我太傻了

票数 14
EN

Stack Overflow用户

发布于 2019-02-22 07:07:12

这是一个非常有用的问题;因为引用的链接现在已经失效了;这是搜索"python create ssl certificate“的首批结果之一。

不过,我想补充的是,"open(xxx,"wt").write()“稍后会出现问题。由于没有显式关闭该文件,您可能会发现,当您尝试实际使用该文件时,垃圾收集器并未运行,从而导致失败。

最好使用:

代码语言:javascript
复制
with open(xxx, "w") as f:
    f.write()

这将确保文件在您完成时被关闭。

票数 6
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/27164354

复制
相关文章

相似问题

领券
问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档