fix CSR_PROFILES import

truenas · Jan 16, 2025 · 9ec29c8 · 9ec29c8
1 parent 4722490
commit 9ec29c8
Showing 1 changed file with 19 additions and 3 deletions.
diff --git a/src/middlewared/middlewared/plugins/truenas_connect/cert_utils.py b/src/middlewared/middlewared/plugins/truenas_connect/cert_utils.py
@@ -1,4 +1,3 @@
-from middlewared.api.current import CSRPROFILES
 from middlewared.plugins.crypto_.csr import generate_certificate_signing_request
 
 
@@ -21,6 +20,23 @@ def generate_csr(hostnames: list[str]) -> (str, str):
         'organizational_unit': 'TNC',
         'email': CERT_BOT_EMAIL,
         'digest_algorithm': 'SHA256',
-        'cert_extensions': CSRPROFILES['HTTPS RSA Certificate']['cert_extensions'],
-        # We do not specify a common as domain hostname is bigger then 64 chars and cryptography starts complaining
+        'cert_extensions': {
+            'BasicConstraints': {
+                'enabled': True,
+                'ca': False,
+                'extension_critical': True,
+            },
+            'ExtendedKeyUsage': {
+                'enabled': True,
+                'extension_critical': True,
+                'usages': ['SERVER_AUTH', 'CLIENT_AUTH'],
+            },
+            'KeyUsage': {
+                'enabled': True,
+                'extension_critical': True,
+                'digital_signature': True,
+                'key_encipherment': True,
+                'key_agreement': True,
+            },
+        }
     })