no start line:crypto/pem/pem_lib.c:745:Expecting: CERTIFICATE REQUEST

Publish date: 2024-09-20

Full code below.

    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives import serialization
    from cryptography.hazmat.primitives.asymmetric import rsa
    from cryptography import x509
    from cryptography.x509.oid import NameOID
    from cryptography.hazmat.primitives import hashes
    import datetime

    encryptedpassword = b"yokedicicaner31"  # Get user input, yokedicicaner31, copy-paste.

    # Generate the RSA key and write it out as a passphrase-encrypted PEM file.
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend())
    with open("rsakey.pem", "wb") as f:
        f.write(key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.BestAvailableEncryption(encryptedpassword)))

    # Self-signed: subject and issuer are the same name.
    subject = issuer = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, u"TR"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, u"damacaner"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"damacana ve erikli su sevenler derneği"),
        x509.NameAttribute(NameOID.COMMON_NAME, u"damacaner.tr")])

    # CertificateBuilder produces a certificate, not a certificate request.
    cert = (x509.CertificateBuilder()
            .subject_name(subject)
            .issuer_name(issuer)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(datetime.datetime.utcnow())
            .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=10))
            .add_extension(x509.SubjectAlternativeName([x509.DNSName(u"localhost")]), critical=False)
            .sign(key, hashes.SHA256(), default_backend()))

    with open("certificate.pem", "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))

Full output below.

    unable to load X509 request
    34359836736:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745: Expecting: CERTIFICATE REQUEST

I tried to open the certificate file called certificate.pem with the "openssl req -text -in certificate.pem" command, but it threw the error that I wrote in the output. This error didn't happen when I built the certificate with x509.CertificateSigningRequestBuilder, but I get an error when I try to build a self-signed certificate with x509.CertificateBuilder. Thanks for all the help.

2 Answers

It is unclear what you are trying to do here, since you only describe the problems you run into and not what task you are trying to implement at the end. Anyway ...

openssl req -text -in certificate.pem

This line expects a certificate request. Your code instead creates a certificate (CertificateBuilder), not a certificate request. The latter would be created with x509.CertificateSigningRequestBuilder, which as expected works with the openssl req command above.

... I get an error when I try to build a self-signed certificate with x509.CertificateBuilder.

It does not look like you get an error when building the self-signed certificate, i.e. the code to build the certificate works. Instead, you get an error when using it with openssl req. This error is expected, since you did not provide a certificate request but instead a certificate. For certificates, use the x509 openssl command, not req:

 openssl x509 -text -in certificate.pem 

Check if the first line of your certificate request starts with:

-----BEGIN CERTIFICATE REQUEST----- 
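Both answers come down to the PEM label on the first line deciding which openssl subcommand can read the file. The sketch below is an added example, not part of the original question or answers: it reads that label and suggests the matching subcommand. The helper names `pem_blocks` and `openssl_command` and the sample PEM text are constructed for illustration, with filler base64 instead of real DER.

```python
import base64
import re

# PEM label -> openssl subcommand that parses that object type.
OPENSSL_SUBCOMMAND = {
    "CERTIFICATE": "x509",
    "CERTIFICATE REQUEST": "req",
    "NEW CERTIFICATE REQUEST": "req",
    "X509 CRL": "crl",
    "RSA PRIVATE KEY": "rsa",
    "PRIVATE KEY": "pkey",
    "ENCRYPTED PRIVATE KEY": "pkey",
}
_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----",
    re.DOTALL)

# Constructed samples: the payloads are filler bytes, not real DER or key data.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nTUlJQ2ZpbGxlcg==\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
              "ZmlsbGVyIGJ5dGVz\n-----END RSA PRIVATE KEY-----\n")


def pem_blocks(text):
    """Return [(label, decoded_length)] for every well-formed PEM block."""
    found = []
    for begin, body, end in _BLOCK.findall(text):
        if begin != end:
            raise ValueError(f"BEGIN {begin} closed by END {end}")
        # Encrypted TraditionalOpenSSL keys carry Proc-Type/DEK-Info headers,
        # separated from the base64 payload by a blank line.
        if ":" in body.split("\n", 1)[0]:
            body = re.split(r"\r?\n\r?\n", body, maxsplit=1)[-1]
        der = base64.b64decode("".join(body.split()), validate=True)
        found.append((begin, len(der)))
    return found


def openssl_command(path, text):
    """Suggest the openssl invocation matching the first PEM block."""
    blocks = pem_blocks(text)
    if not blocks:
        raise ValueError("no PEM start line found")
    label = blocks[0][0]
    if label not in OPENSSL_SUBCOMMAND:
        raise ValueError(f"unrecognised PEM label: {label}")
    # -noout prints only the decoded text, not the PEM again.
    return f"openssl {OPENSSL_SUBCOMMAND[label]} -text -noout -in {path}"
```

For the file written by the question's code, `openssl_command("certificate.pem", open("certificate.pem").read())` returns the `x509` form, which is the command the first answer recommends.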