Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to set subjectAltName using pyOpenSSL?

I need to generate SSL certificates from Python using pyOpenSSL. Does anyone know if it's possible to set subjectAltName? From the documentation (https://pythonhosted.org/pyOpenSSL/api/crypto.html#x509-objects) it doesn't seem so. In fact, only a set_subject method is provided. Is there any way to add that to the certificate?

like image 801
user3725459 Avatar asked Jun 29 '14 11:06

user3725459


People also ask

What is subjectAltName Openssl?

subjectAltName specifies additional subject identities, but for host names (and everything else defined for subjectAltName) : subjectAltName must always be used (RFC 3280 4.2. 1.7, 1. paragraph). CN is only evaluated if subjectAltName is not present and only for compatibility with old, non-compliant software.


1 Answers

san_list = ["DNS:*.google.com", "DNS:google.ym"]
cert.add_extensions([
    OpenSSL.crypto.X509Extension(
        "subjectAltName", False, ", ".join(san_list)
   )
])
like image 160
Vans S Avatar answered Sep 27 '22 23:09

Vans S