我正在尝试使用python加密库创建证书吊销列表。到目前为止，我还没有成功。我能够使用相同的库生成证书。证书可以工作，因为我可以将它们用于与MQTT的连接。问题是当我试图撤销其中一个证书时。然后没有连接工作，我收到一个错误：

如果有人告诉我我做错了什么就好了

提前谢谢

这是我的代码：

# THIS CERTIFICATE I WANT TO REVOKE
cert_to_revoke_data = open("openssl/client2.crt","rb").read() 

cert_to_revoke = x509.load_pem_x509_certificate(cert_to_revoke_data,
\backend=default_backend())

pem_cert = open("openssl/ca.crt","rb").read()          # MY CA CERT
ca_crt = x509.load_pem_x509_certificate(pem_cert, default_backend())

pem_key = open("openssl/ca.key","rb").read()           # MY CA KEY
ca_key = serialization.load_pem_private_key(pem_key,\
 password=b"test", backend=default_backend())

pem_crl_data = open("openssl/ca.crl","rb").read()   # READ MY EMPTY CRL

crl = x509.load_pem_x509_crl(pem_crl_data, backend=default_backend())
#isinstance(crl.signature_hash_algorithm, hashes.SHA256)

builder = x509.CertificateRevocationListBuilder()
builder = builder.last_update(datetime.datetime.now())
builder = builder.next_update(datetime.datetime.now()\
 + datetime.timedelta(1, 0, 0))

builder = builder.issuer_name(ca_crt.issuer)

revoked_cert = x509.RevokedCertificateBuilder()\
.serial_number(cert_to_revoke.serial_number)\
.revocation_date(datetime.datetime.now())\
.build(backend=default_backend()) # ADD SERIAL NUMBER OF
                                  # CERTIFICATE I WANT TO REVOKE

builder = builder.add_revoked_certificate(revoked_cert)

cert_revocation_list = builder.sign(private_key=ca_key,algorithm=hashes.SHA256()\
,backend=default_backend()) # SIGN NEW CRL

# SAVE CRL FILE
with open("openssl/ca.crl","wb") as f:
    f.write(cert_revocation_list.public_bytes(serialization.Encoding.PEM))  

编辑

下面是如何使用加密的详细示例：github