no start line:crypto/pem/pem_lib.c:745:Expecting: CERTIFICATE REQUEST
The full code is below.
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
import datetime

encryptedpassword = b"yokedicicaner31"  # Get user input, yokedicicaner31, copy and paste.

# Generate the RSA key and write it out as a passphrase-protected PEM file.
key = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend())
with open("rsakey.pem", "wb") as f:
    f.write(key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.BestAvailableEncryption(encryptedpassword)))

# Self-signed: subject and issuer are the same name.
subject = issuer = x509.Name([
    x509.NameAttribute(NameOID.COUNTRY_NAME, u"TR"),
    x509.NameAttribute(NameOID.LOCALITY_NAME, u"damacaner"),
    x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"damacana ve erikli su sevenler derneği"),
    x509.NameAttribute(NameOID.COMMON_NAME, u"damacaner.tr")])

# Build and sign a certificate (not a certificate request), valid for 10 days.
cert = (x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(datetime.datetime.utcnow())
        .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=10))
        .add_extension(x509.SubjectAlternativeName([x509.DNSName(u"localhost")]), critical=False)
        .sign(key, hashes.SHA256(), default_backend()))

# The file written here starts with -----BEGIN CERTIFICATE-----
with open("certificate.pem", "wb") as f:
    f.write(cert.public_bytes(serialization.Encoding.PEM))
The full output is below.
unable to load X509 request
34359836736:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:
Expecting: CERTIFICATE REQUEST
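I tried to open the certificate file named certificate.pem with the command "openssl req -text -in certificate.pem", but it shows the error I included in the output. This error did not occur when I built the certificate with x509.CertificateSigningRequestBuilder, but I get an error when I try to build a self-signed certificate with x509.CertificateBuilder. Thank you all for your help.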
Check whether the first line of your certificate request starts with:
-----BEGIN CERTIFICATE REQUEST-----
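It is not clear what you are trying to do here, since you only describe the problem you ran into and not the task you ultimately want to perform. Anyway...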
openssl req -text -in certificate.pem
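This line expects a certificate request. Your code creates a certificate (CertificateBuilder), not a certificate request. The latter would be created with x509.CertificateSigningRequestBuilder which, as expected, works with the openssl req command above.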
... I get an error when I try to build a self-signed certificate with x509.CertificateBuilder.
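You do not appear to get an error when building the self-signed certificate, i.e. the code that builds the certificate works. Instead, the error occurs when you use it with openssl req. This error is expected, since you did not provide a certificate request but a certificate. For a certificate, use the openssl x509 command instead of req: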
openssl x509 -text -in certificate.pem
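The label mismatch behind "no start line ... Expecting: CERTIFICATE REQUEST" can be checked before calling openssl. The following is an added example, not code from the original post: it reads the BEGIN labels in a PEM file and reports which openssl subcommand reads each object type. The names pem_blocks and check_label and the sample PEM blocks are constructed for illustration, and only the label is checked, not the ASN.1 content.

```python
import base64
import re

# PEM label -> openssl subcommand that reads that object type.
OPENSSL_TOOL = {
    "CERTIFICATE": "x509",
    "CERTIFICATE REQUEST": "req",
    "NEW CERTIFICATE REQUEST": "req",
    "X509 CRL": "crl",
    "RSA PRIVATE KEY": "pkey",
    "PRIVATE KEY": "pkey",
    "ENCRYPTED PRIVATE KEY": "pkey",
}
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# Constructed sample input: the bodies are a 5-byte dummy DER value, not real objects.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nMAMCAQA=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-256-CBC,00\n\nMAMCAQA=\n-----END RSA PRIVATE KEY-----\n")


def pem_blocks(text):
    """Return [(label, der_bytes)] for every well-formed PEM block in text."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        # Drop blank lines and encapsulated headers (Proc-Type / DEK-Info on
        # passphrase-protected legacy keys); base64 never contains ':'.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        blocks.append((label, base64.b64decode(b64, validate=True)))
    return blocks


def check_label(text, expecting):
    """Return (found, labels_present, openssl_subcommands_for_those_labels)."""
    labels = [label for label, _ in pem_blocks(text)]
    tools = sorted({OPENSSL_TOOL[l] for l in labels if l in OPENSSL_TOOL})
    return expecting in labels, labels, tools


if __name__ == "__main__":
    # What `openssl req` effectively asks of certificate.pem on this page.
    found, labels, tools = check_label(SAMPLE_CERT, "CERTIFICATE REQUEST")
    print(found, labels, tools)
```
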