from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import rsa from cryptography import x509 from cryptography.x509.oid import NameOID from cryptography.hazmat.primitives import hashes from datetime import datetime, timedelta # 生成私钥 private_key = rsa.generate_private_key( public_exponent=65537, key_size=2048, ) # 构建CSR中的主题信息 subject = issuer = x509.Name([ x509.NameAttribute(NameOID.COUNTRY_NAME, u"CN"), x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"Beijing"), x509.NameAttribute(NameOID.LOCALITY_NAME, u"Beijing"), x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"My Company"), x509.NameAttribute(NameOID.COMMON_NAME, u""), ]) # 创建CSR csr = x509.CertificateSigningRequestBuilder().subject_name( subject ).add_extension( x509.SubjectAlternativeName([x509.DNSName(u"")]), critical=False, ).sign(private_key, hashes.SHA256()) # 将私钥和CSR写入文件 with open("", "wb") as f: f.write(private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption() )) with open("", "wb") as f: f.write(csr.public_bytes(serialization.Encoding.PEM))