I need to generate SSL certificates from Python using pyOpenSSL. Does anyone know if it's possible to set subjectAltName? From the documentation (https://pythonhosted.org/pyOpenSSL/api/crypto.html#x509-objects) it doesn't seem so. In fact, only a set_subject method is provided. Is there any way to add that to the certificate?
subjectAltName specifies additional subject identities, but for host names (and everything else defined for subjectAltName) : subjectAltName must always be used (RFC 3280 4.2. 1.7, 1. paragraph). CN is only evaluated if subjectAltName is not present and only for compatibility with old, non-compliant software.
san_list = ["DNS:*.google.com", "DNS:google.ym"]
cert.add_extensions([
OpenSSL.crypto.X509Extension(
"subjectAltName", False, ", ".join(san_list)
)
])
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With