Is there a way to make a alternative issuer name with a extension in a x509? My Code so far:
from OpenSSL import crypto
def generate_self_signed_cert(cert_dir, is_valid=True):
"""Generate a SSL certificate.
If the cert_path and the key_path are present they will be overwritten.
"""
#Keys
private_key=crypto.load_privatekey(crypto.FILETYPE_PEM,open("/root/Desktop/Key2","rb").read())
public_key=crypto.load_publickey(crypto.FILETYPE_PEM,open("/root/Desktop/Key1","rb").read())
# create a self-signed cert
cert = crypto.X509()
cert.get_subject().C = 't'
cert.get_subject().ST = 't'
cert.get_subject().L = 's'
cert.get_subject().O = 'd'
cert.get_subject().OU = 'g'
cert.get_subject().CN = 'g'
cert.set_serial_number(01)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(3655555555)
cert.set_issuer(cert.get_subject())
cert.set_pubkey(public_key)
cert.add_extensions([
crypto.X509Extension("basicConstraints", False, "CA:FALSE"),
crypto.X509Extension("keyUsage", True, "Digital Signature, Non Repudiation"),
])
cert.set_version(2)
cert.sign(private_key, 'sha256')
with open(cert_dir+"Cert.cert", 'w+') as fd:
fd.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
generate_self_signed_cert("/root/Desktop/")
The code works fine. I just need to add a alternative issuer name. That should be done with the extensions, right?
Okay the answer to this question is:
crypto.X509Extension("issuerAltName",False,"email:"+"test")