@sequel7
Last active August 29, 2015 14:05
Clones an SSL certificate
#!/usr/bin/env python
import os
from os import remove
from os.path import exists
from random import randint
from ssl import get_server_certificate
from sys import argv

from OpenSSL import crypto
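# Parse the single "host[:port]" argument; the port defaults to 443.
try:
    target_parts = argv[1].split(':')
    host = target_parts[0]
    port = int(target_parts[1]) if len(target_parts) == 2 else 443
except (IndexError, ValueError):
    # IndexError: no argument was given; ValueError: the port is not an integer.
    raise SystemExit('usage: ' + argv[0].split('/')[-1] + ' www.google.com[:443]')

# Fetch the certificate the server presents (PEM text). No CA bundle is passed,
# so the certificate is retrieved without being validated.
real_cert = get_server_certificate((host, port))
x509 = crypto.load_certificate(crypto.FILETYPE_PEM, real_cert)
cert_values = dict(x509.get_subject().get_components())

# A brand-new RSA key pair: the original private key is never available here.
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 2048)

cert = crypto.X509()

# Copy the subject fields that are present on the fetched certificate.
# NOTE(review): pyOpenSSL on Python 3 returns component names as bytes, so
# these str lookups may not match there - confirm the target interpreter.
for field in ('C', 'ST', 'L', 'O', 'OU', 'CN'):
    if field in cert_values:
        setattr(cert.get_subject(), field, cert_values[field])

extension_count = x509.get_extension_count()
if extension_count:
    extensions = []
    # NOTE(review): the range stops at count - 1, so the final extension is
    # never examined. Kept as in the original - confirm whether it is intended.
    for index in range(0, extension_count - 1):
        try:
            extension = x509.get_extension(index)
            # Extensions whose text form mentions OCSP are left out.
            if 'OCSP' not in str(extension):
                extensions.append(extension)
        except Exception:
            # Best effort: an extension that cannot be read or rendered is skipped.
            continue
    cert.add_extensions(extensions)

cert.set_serial_number(randint(10000, 99999))
cert.set_notBefore(x509.get_notBefore())
cert.set_notAfter(x509.get_notAfter())
cert.set_issuer(x509.get_issuer())
cert.set_version(2)  # version field value 2 denotes X.509 v3
cert.set_pubkey(k)
# Signed with the freshly generated key: only the names, validity dates and the
# copied extensions match the original. The public key and fingerprint differ
# and the signature does not chain to the original issuer, so chain validation
# or key pinning distinguishes this certificate from the real one.
cert.sign(k, 'sha256')

pem_data = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
pem_data += crypto.dump_privatekey(crypto.FILETYPE_PEM, k)

# The output holds an unencrypted private key. Drop any stale file first so the
# new one is created fresh with owner-only permissions; O_EXCL makes the create
# fail rather than write through a file or symlink that appears in between.
if exists('cloned.pem'):
    remove('cloned.pem')
fd = os.open('cloned.pem', os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
# dump_* return bytes, so write in binary mode and close the handle promptly.
with os.fdopen(fd, 'wb') as pem_file:
    pem_file.write(pem_data)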
sequel7 commented Aug 13, 2014

Firefox seems to hate cloned certs from some websites, and I'm not sure how to fix it. Other browsers don't mind, and many sites seem to work fine even with FF.
