Use random serial for CA certificate
parent
a663efd39e
commit
44b6f13669
@ -862,7 +862,10 @@ def certidude_setup_authority(username, kerberos_keytab, nginx_config, country,
|
|||||||
).not_valid_before(datetime.utcnow()
|
).not_valid_before(datetime.utcnow()
|
||||||
).not_valid_after(
|
).not_valid_after(
|
||||||
datetime.utcnow() + timedelta(days=authority_lifetime)
|
datetime.utcnow() + timedelta(days=authority_lifetime)
|
||||||
).serial_number(1
|
).serial_number(
|
||||||
|
random.randint(
|
||||||
|
0x100000000000000000000000000000000000000,
|
||||||
|
0xfffffffffffffffffffffffffffffffffffffff)
|
||||||
).add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True,
|
).add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True,
|
||||||
).add_extension(x509.KeyUsage(
|
).add_extension(x509.KeyUsage(
|
||||||
digital_signature=server_flags,
|
digital_signature=server_flags,
|
||||||
|
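Review bot: The new serial is drawn with `random.randint`, which is backed by Python's Mersenne Twister rather than the OS CSPRNG, so it carries no unpredictability guarantee even though it looks random. Since the builder already uses the `x509` module, `).serial_number(x509.random_serial_number()` (cryptography 1.6 and later) would take the value from `os.urandom` and keep it positive and within RFC 5280's 20-octet limit; `random.SystemRandom().randint(...)` is the alternative if the current bounds must be kept. The hunk does not show `random` being imported, so confirm the module imports it. certidude_setup_authority starts and ends outside this hunk.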
@ -13,7 +13,8 @@ def test_cli_setup_authority():
|
|||||||
from certidude import const, config
|
from certidude import const, config
|
||||||
|
|
||||||
from certidude import authority
|
from certidude import authority
|
||||||
assert authority.ca_cert.serial_number == 1
|
assert authority.ca_cert.serial_number >= 0x100000000000000000000000000000000000000
|
||||||
|
assert authority.ca_cert.serial_number <= 0xfffffffffffffffffffffffffffffffffffffff
|
||||||
assert authority.ca_cert.not_valid_before < datetime.now()
|
assert authority.ca_cert.not_valid_before < datetime.now()
|
||||||
assert authority.ca_cert.not_valid_after > datetime.now() + timedelta(days=7000)
|
assert authority.ca_cert.not_valid_after > datetime.now() + timedelta(days=7000)
|
||||||
|
|
||||||
|
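Review bot: The two new bounds assertions repeat the generator's literals, so the test pins the implementation rather than the property a CA serial needs (positive and at most 20 octets). A check such as `assert 0 < authority.ca_cert.serial_number < 2**159` would still pass if the setup code later moves to a different random source. test_cli_setup_authority continues outside this hunk.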