from OpenSSL import crypto
# To define a new extension profile, add an entry to EXTENSIONS with:
#   "type": one of Root, Intermediate, Leaf
#   "parameters": a list holding the certificate extensions for that profile
# Certificate extension profiles, keyed by profile name. Each profile holds a
# "type" label ("Root", "Intermediate" or "Leaf") and "parameters", the list of
# X.509 extensions for that profile. The second argument of X509Extension is
# the critical flag, spelled out by keyword below so it is easy to audit.
# NOTE(review): crypto.X509Extension is deprecated in recent pyOpenSSL
# releases in favour of the `cryptography` x509 API - confirm against the
# pyOpenSSL version this project pins.
EXTENSIONS = {
    "RootCA": {
        "type": "Root",
        "parameters": [
            crypto.X509Extension(b'basicConstraints', critical=True, value=b'CA:TRUE'),
            crypto.X509Extension(
                b'keyUsage',
                critical=True,
                value=b'digitalSignature, keyCertSign, cRLSign',
            ),
            # Example (disabled):
            # crypto.X509Extension(b'subjectAltName', False, b'DNS:www.ex.com,IP:1.2.3.4')
        ],
    },
    "IntCA": {
        "type": "Intermediate",
        "parameters": [
            # NOTE(review): no pathlen is set, so this profile puts no limit on
            # how many further CA levels may be issued below the intermediate.
            # `CA:TRUE, pathlen:0` is the usual restriction when an
            # intermediate only signs leaf certificates.
            crypto.X509Extension(b'basicConstraints', critical=True, value=b'CA:TRUE'),
            crypto.X509Extension(
                b'keyUsage',
                critical=True,
                value=b'digitalSignature, keyCertSign, cRLSign',
            ),
            # Example (disabled):
            # crypto.X509Extension(b'subjectAltName', False, b'DNS:www.ex.com,IP:1.2.3.4')
        ],
    },
    "CN": {
        "type": "Leaf",
        "parameters": [
            # Non-critical here, unlike the two CA profiles above.
            crypto.X509Extension(b'basicConstraints', critical=False, value=b'CA:FALSE'),
            crypto.X509Extension(
                b'keyUsage',
                critical=True,
                value=b'digitalSignature, nonRepudiation, keyEncipherment',
            ),
            # NOTE(review): a single leaf profile carries serverAuth, clientAuth
            # and emailProtection, so every leaf key is valid for all three
            # purposes. Separate profiles per purpose would keep each
            # certificate to the usage it is actually issued for.
            crypto.X509Extension(
                b'extendedKeyUsage',
                critical=False,
                value=b'serverAuth, clientAuth, emailProtection',
            ),
            # NOTE(review): this profile has no subjectAltName. TLS clients
            # match host names against SAN, so server certificates need it
            # added elsewhere - confirm the code that consumes this table does.
        ],
    },
    # Add new profiles here.
}