修复bug

app.py

@@ -253,8 +253,14 @@ def create_certificate(ca_id, common_name, san_dns, san_ip, organization, organi
 prompt = no
 default_md = sha256
 distinguished_name = dn
-    req_extensions = req_ext
+"""
 
+    # 只有在有SAN时才添加扩展部分
+    has_san = bool(san_dns or san_ip)
+    if has_san:
+        csr_config += "req_extensions = req_ext\n"
+
+    csr_config += f"""
 [dn]
 CN = {common_name}
 O = {organization}
@@ -262,7 +268,10 @@ def create_certificate(ca_id, common_name, san_dns, san_ip, organization, organi
 C = {country}
 ST = {state}
 L = {locality}
+"""
 
+    if has_san:
+        csr_config += """
 [req_ext]
 subjectAltName = @alt_names
 
@@ -288,17 +297,27 @@ def create_certificate(ca_id, common_name, san_dns, san_ip, organization, organi
         f.write(csr_config)
 
     # 生成CSR
+    try:
         subprocess.run([
             'openssl', 'req', '-new', '-key', key_path, '-out', csr_path,
             '-config', config_path
         ], check=True)
+    except subprocess.CalledProcessError as e:
+        print(f"OpenSSL错误: {e}")
+        print("CSR配置文件内容:")
+        print(csr_config)
+        return None
 
     # 使用CA签名证书
+    try:
         subprocess.run([
             'openssl', 'x509', '-req', '-in', csr_path, '-CA', ca['cert_path'],
             '-CAkey', ca['key_path'], '-CAcreateserial', '-out', cert_path,
             '-days', str(days_valid), '-sha256'
         ], check=True)
+    except subprocess.CalledProcessError as e:
+        print(f"签名证书错误: {e}")
+        return None
 
     # 计算过期时间
     expires_at = datetime.now() + timedelta(days=days_valid)