我正在尝试使用python密码库创建证书吊销列表。到目前为止，我还没有成功。我可以使用相同的库生成证书。证书有效，因为我能够将其用于与MQTT的连接。问题是当我尝试吊销证书之一时。然后没有任何连接有效，我收到一个错误：

如果有人告诉我我做错了，那会很好。

谢谢。

这是我的代码：

# THIS CERTIFICATE I WANT TO REVOKE
cert_to_revoke_data = open("openssl/client2.crt","rb").read() 

cert_to_revoke = x509.load_pem_x509_certificate(cert_to_revoke_data,\backend=default_backend())

pem_cert = open("openssl/ca.crt","rb").read()          # MY CA CERT
ca_crt = x509.load_pem_x509_certificate(pem_cert,default_backend())

pem_key = open("openssl/ca.key","rb").read()           # MY CA KEY
ca_key = serialization.load_pem_private_key(pem_key,\
 password=b"test",backend=default_backend())

pem_crl_data = open("openssl/ca.crl","rb").read()   # READ MY EMPTY CRL

crl = x509.load_pem_x509_crl(pem_crl_data,backend=default_backend())
#isinstance(crl.signature_hash_algorithm,hashes.SHA256)

builder = x509.CertificateRevocationListBuilder()
builder = builder.last_update(datetime.datetime.Now())
builder = builder.next_update(datetime.datetime.Now()\
 + datetime.timedelta(1,0))

builder = builder.issuer_name(ca_crt.issuer)

revoked_cert = x509.RevokedCertificateBuilder()\
.serial_number(cert_to_revoke.serial_number)\
.revocation_date(datetime.datetime.Now())\
.build(backend=default_backend()) # ADD SERIAL NUMBER OF
                                  # CERTIFICATE I WANT TO REVOKE

builder = builder.add_revoked_certificate(revoked_cert)

cert_revocation_list = builder.sign(private_key=ca_key,algorithm=hashes.SHA256()\,backend=default_backend()) # SIGN NEW CRL

# SAVE CRL FILE
with open("openssl/ca.crl","wb") as f:
    f.write(cert_revocation_list.public_bytes(serialization.Encoding.PEM))  

编辑

以下是有关如何使用加密的详细示例：github

解决方法

暂无找到可以解决该程序问题的有效方法，小编努力寻找整理中！

如果你已经找到好的解决方法，欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@）