Wow I am impressed with the amount of time this takes out of generating my own ca and certificates...Fantastic!
I am wondering about adding extended key usages for this for client auth as well as server certificates?
if type == 'server':
# if server cert specify that the certificate can be used as an SSL
# server certificate
cert_builder = cert_builder.add_extension(
x509.ExtendedKeyUsage((ExtendedKeyUsageOID.SERVER_AUTH,)),
critical=False
)
if hostname and fqdn != hostname:
cert_builder = cert_builder.add_extension(
x509.SubjectAlternativeName([DNSName(hostname), DNSName(fqdn)]),
critical=True
)
else:
cert_builder = cert_builder.add_extension(
x509.SubjectAlternativeName([DNSName(fqdn)]),
critical=True
)
elif type == 'client':
# specify that the certificate can be used as an SSL
# client certificate to enable TLS Web Client Authentication
cert_builder = cert_builder.add_extension(
x509.ExtendedKeyUsage((ExtendedKeyUsageOID.CLIENT_AUTH,)),
critical=False
)
Wow I am impressed with the amount of time this takes out of generating my own ca and certificates...Fantastic!
I am wondering about adding extended key usages for this for client auth as well as server certificates?
if type == 'server':
# if server cert specify that the certificate can be used as an SSL
# server certificate
cert_builder = cert_builder.add_extension(
x509.ExtendedKeyUsage((ExtendedKeyUsageOID.SERVER_AUTH,)),
critical=False
)
if hostname and fqdn != hostname:
cert_builder = cert_builder.add_extension(
x509.SubjectAlternativeName([DNSName(hostname), DNSName(fqdn)]),
critical=True
)
else:
cert_builder = cert_builder.add_extension(
x509.SubjectAlternativeName([DNSName(fqdn)]),
critical=True
)