wzj/certmanager
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

修复根证书信任问题

Browse Source
This commit is contained in:
wzj 2025-06-15 07:03:27 +08:00
parent 35165bd58b
commit afa61f7a04
1 changed files with 37 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
app.py
View File

@ -389,8 +389,14 @@ default_bits = {key_size}
prompt = no prompt = no
default_md = sha256 default_md = sha256
distinguished_name = dn distinguished_name = dn
req_extensions = req_ext """
# 只有在有SAN时才添加扩展部分
has_san = bool(san_dns or san_ip)
if has_san:
csr_config += "req_extensions = req_ext\n"
csr_config += f"""
[dn] [dn]
CN = {common_name} CN = {common_name}
O = {organization} O = {organization}
@ -398,7 +404,10 @@ OU = {organizational_unit}
C = {country} C = {country}
ST = {state} ST = {state}
L = {locality} L = {locality}
"""
if has_san:
csr_config += """
[req_ext] [req_ext]
basicConstraints = CA:FALSE basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment keyUsage = digitalSignature, keyEncipherment
@ -407,12 +416,13 @@ extendedKeyUsage = serverAuth, clientAuth
[alt_names]""" [alt_names]"""
# 添加SAN条目 # 添加DNS SAN条目
if san_dns: if san_dns:
dns_entries = [dns.strip() for dns in san_dns.split(',') if dns.strip()] dns_entries = [dns.strip() for dns in san_dns.split(',') if dns.strip()]
for i, dns in enumerate(dns_entries, 1): for i, dns in enumerate(dns_entries, 1):
csr_config += f"\nDNS.{i} = {dns}" csr_config += f"\nDNS.{i} = {dns}"
# 添加IP SAN条目
if san_ip: if san_ip:
ip_entries = [ip.strip() for ip in san_ip.split(',') if ip.strip()] ip_entries = [ip.strip() for ip in san_ip.split(',') if ip.strip()]
for i, ip in enumerate(ip_entries, 1): for i, ip in enumerate(ip_entries, 1):