ownca

Allow ExtendedKeyUsageOID and alternative names

Open craig8 opened this issue 1 year ago • 2 comments

Wow, I am impressed with the amount of time this takes out of generating my own CA and certificates... Fantastic!

I am wondering about adding extended key usages for this for client auth as well as server certificates?

if type == 'server':
    # if server cert specify that the certificate can be used as an SSL
    # server certificate
    cert_builder = cert_builder.add_extension(
        x509.ExtendedKeyUsage((ExtendedKeyUsageOID.SERVER_AUTH,)),
        critical=False
    )
    if hostname and fqdn != hostname:
        cert_builder = cert_builder.add_extension(
            x509.SubjectAlternativeName([DNSName(hostname), DNSName(fqdn)]),
            critical=True
        )
    else:
        cert_builder = cert_builder.add_extension(
            x509.SubjectAlternativeName([DNSName(fqdn)]),
            critical=True
        )
elif type == 'client':
    # specify that the certificate can be used as an SSL
    # client certificate to enable TLS Web Client Authentication
    cert_builder = cert_builder.add_extension(
        x509.ExtendedKeyUsage((ExtendedKeyUsageOID.CLIENT_AUTH,)),
        critical=False
    )

craig8 avatar Jun 30 '23 23:06 craig8
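The request above, as an added example that is not part of the original issue or of ownca's own code: a leaf certificate is issued with exactly one extended key usage per type, and the extensions are read back so the restriction can be checked. It uses the `cryptography` package whose `x509` API the snippet calls; `issue_leaf`, `summarize`, `EKU_BY_TYPE` and the parameter names are hypothetical.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

# Hypothetical mapping: each certificate type carries exactly one EKU.
EKU_BY_TYPE = {"server": ExtendedKeyUsageOID.SERVER_AUTH,
               "client": ExtendedKeyUsageOID.CLIENT_AUTH}


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def issue_leaf(ca_key, ca_cn, public_key, fqdn, cert_type, hostname=None):
    """Sign a non-CA certificate restricted to the EKU of cert_type."""
    if cert_type not in EKU_BY_TYPE:
        raise ValueError(f"unsupported certificate type: {cert_type!r}")
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(_name(fqdn))
        .issuer_name(_name(ca_cn))
        .public_key(public_key)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=30))
        .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
        .add_extension(x509.ExtendedKeyUsage([EKU_BY_TYPE[cert_type]]), critical=False)
    )
    if cert_type == "server":
        # As in the snippet: short hostname first when it differs from the FQDN.
        dns = ([hostname] if hostname and hostname != fqdn else []) + [fqdn]
        builder = builder.add_extension(
            x509.SubjectAlternativeName([x509.DNSName(d) for d in dns]), critical=True
        )
    return builder.sign(ca_key, hashes.SHA256())


def summarize(cert):
    """Return (EKU dotted OIDs, SAN DNS names) read back from a certificate."""
    eku = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
        dns = san.get_values_for_type(x509.DNSName)
    except x509.ExtensionNotFound:
        dns = []
    return [oid.dotted_string for oid in eku], dns
```

A client certificate issued this way carries only `1.3.6.1.5.5.7.3.2`, so a TLS server that enforces EKU will not accept a server certificate presented for client authentication, and the reverse.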