authorNAKAMURA Hiroshi <nahi@keynauts.com>2003-07-04 14:15:17 +0000
committerNAKAMURA Hiroshi <nahi@keynauts.com>2003-07-04 14:15:17 +0000
commitab22314ec14dd1591cbe8842791891fb8f74e071 (patch)
tree8162aad484e3d2994078717a84b179b0d5bd1b14
parentb40bb82ef9e865f5d2a162036b2532a3d78dc894 (diff)
downloadruby-openssl-history-ab22314ec14dd1591cbe8842791891fb8f74e071.tar.gz
Refine.
-rw-r--r--examples/ca/ca_config.rb12
-rwxr-xr-xexamples/ca/init_ca.rb11
2 files changed, 16 insertions, 7 deletions
diff --git a/examples/ca/ca_config.rb b/examples/ca/ca_config.rb
index 9ac7d4f..267a4bc 100644
--- a/examples/ca/ca_config.rb
+++ b/examples/ca/ca_config.rb
@@ -1,6 +1,14 @@
class CAConfig
- NAME = [['C','JP'],['O', 'RRR'], ['OU','CA']]
- CERT_DAYS = 60
+ NAME = [['C','JP'],['O', 'JIN.GR.JP'], ['OU', 'RRR']]
+ CA_CERT_DAYS = 5 * 365
+ CA_RSA_KEY_LENGTH = 2048
+
+ CERT_DAYS = 365
+ CERT_KEY_LENGTH_MIN = 1024
+ CERT_KEY_LENGTH_MAX = 2048
+ CDP_LOCATION = 'URI:http://rrr.jin.gr.jp/crl/client.crl'
+ OCSP_LOCATION = 'URI:http://rrr.jin.gr.jp/ocsp'
+
BASE_DIR = "/home/ca/ruby"
KEYPAIR_FILE = "#{BASE_DIR}/private/cakeypair.pem"
CERT_FILE = "#{BASE_DIR}/cacert.pem"
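Review bot: `CERT_KEY_LENGTH_MIN = 1024` sets the floor for subject keys at a size that is no longer considered adequate for RSA, so a CA built from this example could sign certificates over keys that relying parties now reject. I would raise the bounds together, `CERT_KEY_LENGTH_MIN = 2048` and `CERT_KEY_LENGTH_MAX = 4096`. A comment above them such as `# accepted subject public key sizes, in bits` would record the unit. The code that enforces these limits is not part of this hunk, so whoever applies the change should confirm that requests outside the range are actually refused and not only logged.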
diff --git a/examples/ca/init_ca.rb b/examples/ca/init_ca.rb
index 00524ba..d9309ed 100755
--- a/examples/ca/init_ca.rb
+++ b/examples/ca/init_ca.rb
@@ -8,25 +8,26 @@ include OpenSSL
$stdout.sync = true
print "Generating CA keypair: "
-keypair = PKey::RSA.new(2048){ putc "." }
+keypair = PKey::RSA.new(CAConfig::CA_RSA_KEY_LENGTH) { putc "." }
putc "\n"
cert = X509::Certificate.new
-name = CAConfig::NAME.dup << ['CN','RubyCA']
+name = CAConfig::NAME.dup << ['CN','CA']
cert.subject = cert.issuer = X509::Name.new(name)
cert.not_before = Time.now
-cert.not_after = Time.now + 60 * 24 * 60 * 60
+cert.not_after = Time.now + CAConfig::CA_CERT_DAYS * 24 * 60 * 60
cert.public_key = keypair.public_key
-cert.serial = 0x1000
+cert.serial = 0x0
cert.version = 2 # X509v3
+key_usage = ["cRLSign", "keyCertSign"]
ef = X509::ExtensionFactory.new
ef.subject_certificate = cert
ef.issuer_certificate = cert # we needed subjectKeyInfo inside, now we have it
ext1 = ef.create_extension("basicConstraints","CA:TRUE", true)
ext2 = ef.create_extension("nsComment","Ruby/OpenSSL Generated Certificate")
ext3 = ef.create_extension("subjectKeyIdentifier", "hash")
-ext4 = ef.create_extension("keyUsage", "cRLSign,keyCertSign")
+ext4 = ef.create_extension("keyUsage", key_usage.join(","), true)
cert.extensions = [ext1, ext2, ext3, ext4]
ext0 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
cert.add_extension(ext0)
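Review bot: `cert.serial = 0x0` gives the CA certificate a serial number of zero, but the X.509 profile (RFC 5280, section 4.1.2.2) requires a positive integer and some validators reject or mishandle a zero serial. If the intent is to reserve the low end of the sequence for the root, `cert.serial = 1` does that and stays conformant. Separately, `not_before` and `not_after` each call `Time.now`; capturing it once with `now = Time.now` and deriving both fields from it keeps the validity period exact. The script continues past this hunk, so the signing digest and how the key pair is written to disk cannot be reviewed from here.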