I'm trying to add an authorityInfoAccess extension to an X509 certificate using the pyOpenSSL library, version 0.13.

Running

import OpenSSL
url = 'URI:https://localhost:12345'
ext = OpenSSL.crypto.X509Extension('authorityInfoAccess', 0, url)
cert.add_extensions([ext])

Error

('X509 V3 routines', 'V2I_AUTHORITY_INFO_ACCESS', 'invalid syntax')
('X509 V3 routines', 'X509V3_EXT_nconf', 'error in extension')

So I tried various syntaxes for my extension (they don't work either):

'authorityInfoAccess:1.3.6.1.5.5.7.1.1;URI:https://localhost:12345'
CroMagnon

1 Answer

After looking around in the documentation, I ended up at the OpenSSL doc: https://www.openssl.org/docs/man1.0.1/apps/x509v3_config.html

And I found out that it is as simple as this:

'caIssuers;URI:https://localhost:12345'

The result in extensions is the following:

X509v3 extensions:
    X509v3 Basic Constraints: critical
        CA:TRUE
    X509v3 Subject Alternative Name: 
        URI:urn:publicid:IDN+myCA:loic_baron+authority+sa, URI:urn:uuid:25f08be1-f79e-3572-b8ee-610344119bc9, email:loic.baron@domain.fr
    Authority Information Access: 
        CA Issuers - URI:https://localhost:12345
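
As an added example (not code from the question or the answer), the sketch below checks an authorityInfoAccess value against the `accessOID;location` shape documented in x509v3_config and shows why the three strings tried on this page are rejected or accepted. It is a simplified model, not OpenSSL's parser: the function name `check_aia_value` is hypothetical, only the `caIssuers` and `OCSP` short names plus dotted OIDs are recognised, and commas inside a location are not handled.

```python
import re

# Assumption: only these two short names are modelled; OpenSSL accepts any
# object identifier it knows, plus dotted-decimal OIDs.
ACCESS_METHODS = {"caIssuers", "OCSP"}
# General-name prefixes listed for subjectAltName in x509v3_config.
LOCATION_TYPES = {"email", "URI", "DNS", "RID", "IP", "dirName", "otherName"}
DOTTED_OID = re.compile(r"\d+(\.\d+)+")


def check_aia_value(value):
    """Return a list of problems found in an authorityInfoAccess value.

    An empty list means every comma-separated entry has the documented
    accessOID;TYPE:location shape.
    """
    problems = []
    for entry in (e.strip() for e in value.split(",")):
        method, sep, location = entry.partition(";")
        if not sep:
            problems.append(f"{entry!r}: no ';' separating access method from location")
            continue
        if method not in ACCESS_METHODS and not DOTTED_OID.fullmatch(method):
            problems.append(f"{entry!r}: {method!r} is not an access method OID")
        loc_type, sep, loc_value = location.partition(":")
        if not sep or loc_type not in LOCATION_TYPES or not loc_value:
            problems.append(f"{entry!r}: location must look like TYPE:value, e.g. URI:...")
    return problems


if __name__ == "__main__":
    # The three strings tried on this page.
    for candidate in (
        "URI:https://localhost:12345",
        "authorityInfoAccess:1.3.6.1.5.5.7.1.1;URI:https://localhost:12345",
        "caIssuers;URI:https://localhost:12345",
    ):
        print(candidate, "->", check_aia_value(candidate) or "ok")
```

Running the check on a value before handing it to `X509Extension` turns the opaque 'invalid syntax' error into a message that names the missing part.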