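I am trying to create a certificate revocation list using the Python cryptography library. So far I have not succeeded. I am able to generate certificates with the same library. The certificates work, because I can use them for connections to MQTT. The problem comes when I try to revoke one of the certificates. Then no connection works and I get an error:
It would be great if someone could tell me what I am doing wrong.
Thanks in advance.
Here is my code: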
import datetime

from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization

# THIS CERTIFICATE I WANT TO REVOKE
cert_to_revoke_data = open("openssl/client2.crt", "rb").read()
cert_to_revoke = x509.load_pem_x509_certificate(cert_to_revoke_data,
                                                backend=default_backend())
pem_cert = open("openssl/ca.crt", "rb").read()  # MY CA CERT
ca_crt = x509.load_pem_x509_certificate(pem_cert, default_backend())
pem_key = open("openssl/ca.key", "rb").read()  # MY CA KEY
ca_key = serialization.load_pem_private_key(pem_key,
                                            password=b"test", backend=default_backend())
pem_crl_data = open("openssl/ca.crl", "rb").read()  # READ MY EMPTY CRL
crl = x509.load_pem_x509_crl(pem_crl_data, backend=default_backend())
#isinstance(crl.signature_hash_algorithm, hashes.SHA256)
builder = x509.CertificateRevocationListBuilder()
builder = builder.last_update(datetime.datetime.now())
builder = builder.next_update(datetime.datetime.now()
                              + datetime.timedelta(1, 0, 0))
builder = builder.issuer_name(ca_crt.issuer)
# ADD SERIAL NUMBER OF CERTIFICATE I WANT TO REVOKE
revoked_cert = x509.RevokedCertificateBuilder()\
    .serial_number(cert_to_revoke.serial_number)\
    .revocation_date(datetime.datetime.now())\
    .build(backend=default_backend())
builder = builder.add_revoked_certificate(revoked_cert)
# SIGN NEW CRL
cert_revocation_list = builder.sign(private_key=ca_key, algorithm=hashes.SHA256(),
                                    backend=default_backend())
# SAVE CRL FILE
with open("openssl/ca.crl", "wb") as f:
    f.write(cert_revocation_list.public_bytes(serialization.Encoding.PEM))
Edit
Here is a detailed example of how to use cryptography: github
No answers yet
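An added example, not part of the original question: building a CRL with the cryptography library using explicit UTC timestamps and the CA's subject as issuer, then checking its signature and contents before handing it to a broker. The library treats naive datetimes as UTC, so a local-time `datetime.now()` can shift `last_update`. The CA, client names and keys are constructed in memory, and the code assumes cryptography 3.1 or later (no `backend` argument).

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def utcnow():
    # Timezone-aware UTC; the builders convert aware datetimes to UTC themselves.
    return datetime.datetime.now(datetime.timezone.utc)

def make_cert(subject_cn, issuer_cert, issuer_key, key):
    """Issue a constructed test certificate (self-signed when issuer_cert is None)."""
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, subject_cn)])
    issuer = subject if issuer_cert is None else issuer_cert.subject
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(utcnow() - datetime.timedelta(minutes=5))
            .not_valid_after(utcnow() + datetime.timedelta(days=30))
            .sign(issuer_key, hashes.SHA256()))

def build_crl(ca_cert, ca_key, serials):
    """Build a CRL revoking the given serials, issued under the CA's subject name."""
    now = utcnow()
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(ca_cert.subject)
               .last_update(now)
               .next_update(now + datetime.timedelta(days=1)))
    for serial in serials:
        entry = (x509.RevokedCertificateBuilder()
                 .serial_number(serial).revocation_date(now).build())
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(private_key=ca_key, algorithm=hashes.SHA256())

def demo():
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca_cert = make_cert("Constructed Test CA", None, ca_key, ca_key)
    good = make_cert("client1", ca_cert, ca_key, ec.generate_private_key(ec.SECP256R1()))
    bad = make_cert("client2", ca_cert, ca_key, ec.generate_private_key(ec.SECP256R1()))
    crl = build_crl(ca_cert, ca_key, [bad.serial_number])
    lookup = crl.get_revoked_certificate_by_serial_number
    return {"signature_ok": crl.is_signature_valid(ca_key.public_key()),
            "issuer_matches": crl.issuer == ca_cert.subject,
            "client2_revoked": lookup(bad.serial_number) is not None,
            "client1_revoked": lookup(good.serial_number) is not None}

if __name__ == "__main__":
    print(demo())
```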