[pyOpenSSL] Basic CSR signing issues...

Joshua 'jag' Ginsberg listspam at flowtheory.net
Mon Nov 3 17:26:41 CET 2008


What am I doing wrong? Why can't I load my cert back into PyOpenSSL?

Python 2.5.2 (r252:60911, Sep 29 2008, 21:10:35)
[GCC 4.3.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> # Reproduction: create an RSA key and a CSR, issue a certificate from a
>>> # local CA key, write it out as PEM, then try to load the PEM back.
>>> from OpenSSL import crypto
>>> pkey = crypto.PKey()
>>> # NOTE(review): 1024-bit RSA is below current minimum recommendations;
>>> # use 2048 bits or more for anything other than a throwaway test.
>>> pkey.generate_key(crypto.TYPE_RSA, 1024)
>>> # NOTE(review): dump_privatekey is called without a cipher/passphrase, so
>>> # the key is stored unencrypted, under a fixed name in /tmp, with whatever
>>> # mode the umask yields. Real keys belong in an owner-only directory and
>>> # should be created with owner-only permissions.
>>> open('/tmp/my.key', 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
>>> req = crypto.X509Req()
>>> # The subject fields are filled in through the object returned by
>>> # get_subject(); no set_subject call is made on the request.
>>> subject = req.get_subject()
>>> subject.CN = 'secure.example.com'
>>> subject.C = 'US'
>>> subject.ST = 'MA'
>>> subject.L = 'Boston'
>>> subject.O = 'Bitchin Carrot, LLC'
>>> subject.OU = 'Department of Belgian Waffles'
>>> subject.emailAddress = 'certmaster at example.com'
>>> req.set_pubkey(pkey)
>>> # NOTE(review): SHA-1 is deprecated for CSR and certificate signatures;
>>> # prefer 'sha256' here and in cert.sign() below.
>>> req.sign(pkey, 'sha1')
>>> open('/tmp/my.csr', 'w').write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req))
>>> # Load the CA certificate and CA private key used to issue the new cert.
>>> ca_crt_pem = open('/tmp/ca.crt').read()
>>> ca_crt = crypto.load_certificate(crypto.FILETYPE_PEM, ca_crt_pem)
>>> ca_key_pem = open('/tmp/ca.key').read()
>>> ca_key = crypto.load_privatekey(crypto.FILETYPE_PEM, ca_key_pem)
>>> cert = crypto.X509()
>>> # NOTE(review): a hard-coded serial of 1 will collide with any other
>>> # certificate issued the same way; a CA should assign each certificate a
>>> # unique (ideally random) serial number.
>>> cert.set_serial_number(1)
>>> cert.set_issuer(ca_crt.get_subject())
>>> # NOTE(review): subject and public key are copied straight from the request.
>>> # Nothing here calls req.verify(...) to check the CSR's self-signature or
>>> # vets the requested names; an issuing CA should do both before signing.
>>> cert.set_subject(req.get_subject())
>>> cert.set_pubkey(req.get_pubkey())
>>> # NOTE(review): no validity period is set before signing (there is no
>>> # gmtime_adj_notBefore / gmtime_adj_notAfter call), nor a version or any
>>> # extensions. The missing notBefore/notAfter is the likely reason the
>>> # dumped certificate cannot be parsed below -- TODO confirm by setting
>>> # both before sign().
>>> cert.sign(ca_key, 'sha1')
>>> open('/tmp/my.crt','w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
>>> # Reading the just-written PEM back is the step that raises the ASN.1
>>> # errors shown in the traceback that follows.
>>> fail_cert_obj = crypto.load_certificate(crypto.FILETYPE_PEM, open('/tmp/my.crt').read())
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OpenSSL.crypto.Error: [('asn1 encoding routines', 'ASN1_get_object',
'too long'), ('asn1 encoding routines', 'ASN1_CHECK_TLEN', 'bad object
header'), ('asn1 encoding routines', 'ASN1_ITEM_EX_D2I', 'nested asn1
error'), ('asn1 encoding routines', 'ASN1_TEMPLATE_NOEXP_D2I', 'nested
asn1 error'), ('asn1 encoding routines', 'ASN1_TEMPLATE_NOEXP_D2I',
'nested asn1 error'), ('asn1 encoding routines',
'ASN1_TEMPLATE_NOEXP_D2I', 'nested asn1 error'), ('PEM routines',
'PEM_ASN1_read_bio', 'ASN1 lib')]



