修复bug
This commit is contained in:
parent
78a2a188b9
commit
fed5afd41a
49
app.py
49
app.py
@ -249,24 +249,33 @@ def create_certificate(ca_id, common_name, san_dns, san_ip, organization, organi
|
|||||||
|
|
||||||
# 创建CSR配置文件
|
# 创建CSR配置文件
|
||||||
csr_config = f"""[req]
|
csr_config = f"""[req]
|
||||||
default_bits = {key_size}
|
default_bits = {key_size}
|
||||||
prompt = no
|
prompt = no
|
||||||
default_md = sha256
|
default_md = sha256
|
||||||
distinguished_name = dn
|
distinguished_name = dn
|
||||||
req_extensions = req_ext
|
"""
|
||||||
|
|
||||||
[dn]
|
# 只有在有SAN时才添加扩展部分
|
||||||
CN = {common_name}
|
has_san = bool(san_dns or san_ip)
|
||||||
O = {organization}
|
if has_san:
|
||||||
OU = {organizational_unit}
|
csr_config += "req_extensions = req_ext\n"
|
||||||
C = {country}
|
|
||||||
ST = {state}
|
|
||||||
L = {locality}
|
|
||||||
|
|
||||||
[req_ext]
|
csr_config += f"""
|
||||||
subjectAltName = @alt_names
|
[dn]
|
||||||
|
CN = {common_name}
|
||||||
|
O = {organization}
|
||||||
|
OU = {organizational_unit}
|
||||||
|
C = {country}
|
||||||
|
ST = {state}
|
||||||
|
L = {locality}
|
||||||
|
"""
|
||||||
|
|
||||||
[alt_names]"""
|
if has_san:
|
||||||
|
csr_config += """
|
||||||
|
[req_ext]
|
||||||
|
subjectAltName = @alt_names
|
||||||
|
|
||||||
|
[alt_names]"""
|
||||||
|
|
||||||
# 添加DNS SAN条目
|
# 添加DNS SAN条目
|
||||||
if san_dns:
|
if san_dns:
|
||||||
@ -288,17 +297,27 @@ def create_certificate(ca_id, common_name, san_dns, san_ip, organization, organi
|
|||||||
f.write(csr_config)
|
f.write(csr_config)
|
||||||
|
|
||||||
# 生成CSR
|
# 生成CSR
|
||||||
|
try:
|
||||||
subprocess.run([
|
subprocess.run([
|
||||||
'openssl', 'req', '-new', '-key', key_path, '-out', csr_path,
|
'openssl', 'req', '-new', '-key', key_path, '-out', csr_path,
|
||||||
'-config', config_path
|
'-config', config_path
|
||||||
], check=True)
|
], check=True)
|
||||||
|
except subprocess.CalledProcessError as e:
|
||||||
|
print(f"OpenSSL错误: {e}")
|
||||||
|
print("CSR配置文件内容:")
|
||||||
|
print(csr_config)
|
||||||
|
return None
|
||||||
|
|
||||||
# 使用CA签名证书
|
# 使用CA签名证书
|
||||||
|
try:
|
||||||
subprocess.run([
|
subprocess.run([
|
||||||
'openssl', 'x509', '-req', '-in', csr_path, '-CA', ca['cert_path'],
|
'openssl', 'x509', '-req', '-in', csr_path, '-CA', ca['cert_path'],
|
||||||
'-CAkey', ca['key_path'], '-CAcreateserial', '-out', cert_path,
|
'-CAkey', ca['key_path'], '-CAcreateserial', '-out', cert_path,
|
||||||
'-days', str(days_valid), '-sha256'
|
'-days', str(days_valid), '-sha256'
|
||||||
], check=True)
|
], check=True)
|
||||||
|
except subprocess.CalledProcessError as e:
|
||||||
|
print(f"签名证书错误: {e}")
|
||||||
|
return None
|
||||||
|
|
||||||
# 计算过期时间
|
# 计算过期时间
|
||||||
expires_at = datetime.now() + timedelta(days=days_valid)
|
expires_at = datetime.now() + timedelta(days=days_valid)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user