问题描述
我正在尝试使用python密码库创建证书吊销列表。到目前为止,我还没有成功。我可以使用相同的库生成证书。证书有效,因为我能够将其用于与MQTT的连接。问题是当我尝试吊销证书之一时。然后没有任何连接有效,我收到一个错误:
如果有人告诉我我做错了,那会很好。
谢谢。
这是我的代码:
# THIS CERTIFICATE I WANT TO REVOKE
cert_to_revoke_data = open("openssl/client2.crt","rb").read()
cert_to_revoke = x509.load_pem_x509_certificate(cert_to_revoke_data,\backend=default_backend())
pem_cert = open("openssl/ca.crt","rb").read() # MY CA CERT
ca_crt = x509.load_pem_x509_certificate(pem_cert,default_backend())
pem_key = open("openssl/ca.key","rb").read() # MY CA KEY
ca_key = serialization.load_pem_private_key(pem_key,\
password=b"test",backend=default_backend())
pem_crl_data = open("openssl/ca.crl","rb").read() # READ MY EMPTY CRL
crl = x509.load_pem_x509_crl(pem_crl_data,backend=default_backend())
#isinstance(crl.signature_hash_algorithm,hashes.SHA256)
builder = x509.CertificateRevocationListBuilder()
builder = builder.last_update(datetime.datetime.Now())
builder = builder.next_update(datetime.datetime.Now()\
+ datetime.timedelta(1,0))
builder = builder.issuer_name(ca_crt.issuer)
revoked_cert = x509.RevokedCertificateBuilder()\
.serial_number(cert_to_revoke.serial_number)\
.revocation_date(datetime.datetime.Now())\
.build(backend=default_backend()) # ADD SERIAL NUMBER OF
# CERTIFICATE I WANT TO REVOKE
builder = builder.add_revoked_certificate(revoked_cert)
cert_revocation_list = builder.sign(private_key=ca_key,algorithm=hashes.SHA256()\,backend=default_backend()) # SIGN NEW CRL
# SAVE CRL FILE
with open("openssl/ca.crl","wb") as f:
f.write(cert_revocation_list.public_bytes(serialization.Encoding.PEM))
编辑
以下是有关如何使用加密的详细示例:github
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)