Fix to CA generation script to correctly set X.509 cert to version 3.
philipkershaw committed Jan 23, 2015
1 parent df3a641 commit 10840ad
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions contrail/security/ca/test/gen_ca_cert.py
@@ -7,19 +7,22 @@
from OpenSSL import crypto


def gen_ca_cert(dn):
def gen_ca_cert(dn, years_validity=5):
ca_key = crypto.PKey()
ca_key.generate_key(crypto.TYPE_RSA, 2048)

ca_cert = crypto.X509()
ca_cert.set_version(3)

# Versioning is zero indexed!!
x509_version = 3
ca_cert.set_version(x509_version - 1)
ca_cert.set_serial_number(1)
subj = ca_cert.get_subject()
for k, v in dn.items():
setattr(subj, k, v)

ca_cert.gmtime_adj_notBefore(0)
ca_cert.gmtime_adj_notAfter(24 * 60 * 60)
ca_cert.gmtime_adj_notAfter(24 * 60 * 60 * 365 * years_validity)
ca_cert.set_issuer(ca_cert.get_subject())
ca_cert.set_pubkey(ca_key)
ca_cert.add_extensions([
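Review bot: `years_validity` is used unchecked in `gmtime_adj_notAfter(24 * 60 * 60 * 365 * years_validity)`, so zero or a negative value yields a CA certificate that is expired as soon as it is issued, and a float would likely be rejected by pyOpenSSL with a TypeError far from the caller's mistake; a guard at the top of `gen_ca_cert`, e.g. `if not isinstance(years_validity, int) or years_validity < 1: raise ValueError("years_validity must be a positive integer")`, would fail early. The default lifetime also moves from one day to five years, which the commit message does not mention; since the script lives under `ca/test/`, a short default with callers opting in to longer lifetimes would limit exposure if a generated test CA key ever ends up trusted outside the tests. The new comment could state the rule precisely, e.g. `# X.509 version field is zero-based: v3 is encoded as 2`. The body of `gen_ca_cert` continues past the end of the hunk, so the extensions and the signing step are not covered by this note.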
