diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-07-04 22:00:37 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-04 22:00:37 +0200 |
commit | 562ead14a6dd1eb9190b9a9f38981423937bfc94 (patch) | |
tree | e8e13e28dc94744747f563f51cdd3ab9e711b359 /src | |
parent | 70efa3dd54bc88a73f21a8c7d2e1eecb65f0508c (diff) | |
parent | b123b46f2e2a674cef3fffb4fc56082f2b1136d6 (diff) | |
download | vyos-1x-562ead14a6dd1eb9190b9a9f38981423937bfc94.tar.gz vyos-1x-562ead14a6dd1eb9190b9a9f38981423937bfc94.zip |
Merge pull request #910 from sarthurdev/pki_ext
pki: T3642: Add standard extensions to generated certificates
Diffstat (limited to 'src')
-rwxr-xr-x | src/op_mode/pki.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py index d84aa2618..d7bb0d6ae 100755 --- a/src/op_mode/pki.py +++ b/src/op_mode/pki.py @@ -276,12 +276,12 @@ def generate_certificate_request(private_key=None, key_type=None, return_request print(encode_certificate(cert_req) + "\n") install_certificate(name, private_key=private_key, key_type=key_type, key_passphrase=passphrase, is_ca=False) -def generate_certificate(cert_req, ca_cert, ca_private_key, is_ca=False): +def generate_certificate(cert_req, ca_cert, ca_private_key, is_ca=False, is_sub_ca=False): valid_days = ask_input('Enter how many days certificate will be valid:', default='365' if not is_ca else '1825', numeric_only=True) cert_type = None if not is_ca: cert_type = ask_input('Enter certificate type: (client, server)', default='server', valid_responses=['client', 'server']) - return create_certificate(cert_req, ca_cert, ca_private_key, valid_days, cert_type, is_ca) + return create_certificate(cert_req, ca_cert, ca_private_key, valid_days, cert_type, is_ca, is_sub_ca) def generate_ca_certificate(name, install=False): private_key, key_type = generate_private_key() @@ -347,7 +347,7 @@ def generate_ca_certificate_sign(name, ca_name, install=False): print("Invalid certificate request") return None - cert = generate_certificate(cert_req, ca_cert, ca_private_key, is_ca=True) + cert = generate_certificate(cert_req, ca_cert, ca_private_key, is_ca=True, is_sub_ca=True) passphrase = ask_passphrase() if not install: |