@@ -28,6 +28,7 @@ def generate_tls_credentials(
2828 folder_path ,
2929 email_address = "emailAddress" ,
3030 common_name = "default" ,
31+ subject_alt_name = ('DNS:default' ,),
3132 country_name = "CA" ,
3233 locality_name = "localityName" ,
3334 state_or_province_name = "stateOrProvinceName" ,
@@ -42,6 +43,7 @@ def generate_tls_credentials(
4243 folder_path (path-like object): path were the files will be created
4344 email_address (str): your email address
4445 common_name (str): your hostname
46+ subject_alt_name (tuple of str): your subject alt name list
4547 country_name (str): your country code
4648 locality_name (str): your locality name
4749 state_or_province_name (str): your state name
@@ -57,18 +59,26 @@ def generate_tls_credentials(
5759 k = crypto .PKey ()
5860 k .generate_key (crypto .TYPE_RSA , 4096 )
5961 cert = crypto .X509 ()
60- cert .get_subject ().C = country_name
61- cert .get_subject ().ST = state_or_province_name
62- cert .get_subject ().L = locality_name
63- cert .get_subject ().O = organization_name
64- cert .get_subject ().OU = organization_unit_name
65- cert .get_subject ().CN = common_name
66- cert .get_subject ().emailAddress = email_address
67- cert .set_serial_number (serial_number )
62+
63+ subject = cert .get_subject ()
64+ subject .commonName = common_name
65+ subject .emailAddress = email_address
66+ subject .organizationName = organization_name
67+ subject .organizationalUnitName = organization_unit_name
68+ subject .localityName = locality_name
69+ subject .stateOrProvinceName = state_or_province_name
70+ subject .countryName = country_name
71+
72+ cert .set_issuer (subject )
6873 cert .gmtime_adj_notBefore (0 )
6974 cert .gmtime_adj_notAfter (validity_end_in_seconds )
70- cert .set_issuer (cert .get_subject ())
7175 cert .set_pubkey (k )
76+ cert .set_serial_number (serial_number )
77+ cert .set_version (2 ) # for SAN
78+ cert .add_extensions ([
79+ crypto .X509Extension (b'subjectAltName' , False , ',' .join (subject_alt_name ).encode ())
80+ ])
81+
7282 cert .sign (k , 'sha512' )
7383 with open (cert_file , "wt" ) as f :
7484 f .write (crypto .dump_certificate (crypto .FILETYPE_PEM , cert ).decode ("utf-8" ))
@@ -87,6 +97,7 @@ def credentials_generator_tool(custom=False):
8797 folder_path = get_default_keys_folder ()
8898 email_address = "emailAddress"
8999 common_name = "default"
100+ subject_alt_name = ["DNS:" + common_name ]
90101 country_name = "CA"
91102 locality_name = "localityName"
92103 state_or_province_name = "stateOrProvinceName"
@@ -118,6 +129,16 @@ def credentials_generator_tool(custom=False):
118129 common_name = inp
119130 print (common_name )
120131
132+ subject_alt_name = ["DNS:" + common_name ]
133+ print (f"\n Subject alternative name (hostnames, leave empty to stop adding) { subject_alt_name } :" )
134+ inp = input ()
135+ if inp != "" :
136+ subject_alt_name = []
137+ while inp != "" :
138+ subject_alt_name .append (inp )
139+ inp = input ()
140+ print (subject_alt_name )
141+
121142 print (f"\n Country code [{ country_name } ]:" )
122143 inp = input ()
123144 if inp != "" :
@@ -163,6 +184,7 @@ def credentials_generator_tool(custom=False):
163184 generate_tls_credentials (folder_path = folder_path ,
164185 email_address = email_address ,
165186 common_name = common_name ,
187+ subject_alt_name = tuple (subject_alt_name ),
166188 country_name = country_name ,
167189 locality_name = locality_name ,
168190 state_or_province_name = state_or_province_name ,
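Review bot: In the prompt loop of `credentials_generator_tool` (new lines 132-140) each typed value is appended to `subject_alt_name` unchanged, although the prompt asks for hostnames and the extension string built in `generate_tls_credentials` expects typed entries such as `DNS:host`. A bare hostname would presumably be rejected when the extension is constructed, and a value containing a comma becomes several SAN entries after `','.join(...)`. I would normalise and check each entry before appending, for example `subject_alt_name.append(inp if inp.startswith(("DNS:", "IP:")) else "DNS:" + inp)`, and reject input that contains a comma. Separately, the new default `subject_alt_name=('DNS:default',)` in the signature does not follow `common_name`, so a caller who passes only `common_name` gets a certificate whose SAN still says `default`, which clients that match on SAN will not accept for that host. A default of `None` with `if subject_alt_name is None: subject_alt_name = ("DNS:" + common_name,)` inside the function avoids that; both function bodies extend beyond the hunks shown here.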