summaryrefslogtreecommitdiff
path: root/src/op_mode/pki.py
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2021-07-04 21:37:33 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2021-07-04 21:56:44 +0200
commitb123b46f2e2a674cef3fffb4fc56082f2b1136d6 (patch)
tree551eb3b1d98a0fd31880402fe40378a7fed59559 /src/op_mode/pki.py
parent2680712b741631a97be38bff7c0725e4aee79646 (diff)
downloadvyos-1x-b123b46f2e2a674cef3fffb4fc56082f2b1136d6.tar.gz
vyos-1x-b123b46f2e2a674cef3fffb4fc56082f2b1136d6.zip
pki: T3642: Add standard extensions to generated certificates
Diffstat (limited to 'src/op_mode/pki.py')
-rwxr-xr-xsrc/op_mode/pki.py6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py
index d84aa2618..d7bb0d6ae 100755
--- a/src/op_mode/pki.py
+++ b/src/op_mode/pki.py
@@ -276,12 +276,12 @@ def generate_certificate_request(private_key=None, key_type=None, return_request
print(encode_certificate(cert_req) + "\n")
install_certificate(name, private_key=private_key, key_type=key_type, key_passphrase=passphrase, is_ca=False)
-def generate_certificate(cert_req, ca_cert, ca_private_key, is_ca=False):
+def generate_certificate(cert_req, ca_cert, ca_private_key, is_ca=False, is_sub_ca=False):
valid_days = ask_input('Enter how many days certificate will be valid:', default='365' if not is_ca else '1825', numeric_only=True)
cert_type = None
if not is_ca:
cert_type = ask_input('Enter certificate type: (client, server)', default='server', valid_responses=['client', 'server'])
- return create_certificate(cert_req, ca_cert, ca_private_key, valid_days, cert_type, is_ca)
+ return create_certificate(cert_req, ca_cert, ca_private_key, valid_days, cert_type, is_ca, is_sub_ca)
def generate_ca_certificate(name, install=False):
private_key, key_type = generate_private_key()
@@ -347,7 +347,7 @@ def generate_ca_certificate_sign(name, ca_name, install=False):
print("Invalid certificate request")
return None
- cert = generate_certificate(cert_req, ca_cert, ca_private_key, is_ca=True)
+ cert = generate_certificate(cert_req, ca_cert, ca_private_key, is_ca=True, is_sub_ca=True)
passphrase = ask_passphrase()
if not install: