author | NAKAMURA Hiroshi <nahi@keynauts.com> | 2003-07-04 14:15:17 +0000 |
---|---|---|
committer | NAKAMURA Hiroshi <nahi@keynauts.com> | 2003-07-04 14:15:17 +0000 |
commit | ab22314ec14dd1591cbe8842791891fb8f74e071 (patch) | |
tree | 8162aad484e3d2994078717a84b179b0d5bd1b14 | |
parent | b40bb82ef9e865f5d2a162036b2532a3d78dc894 (diff) | |
download | ruby-openssl-history-ab22314ec14dd1591cbe8842791891fb8f74e071.tar.gz |
Refine.
-rw-r--r-- | examples/ca/ca_config.rb | 12 | ||||
-rwxr-xr-x | examples/ca/init_ca.rb | 11 |
2 files changed, 16 insertions, 7 deletions
diff --git a/examples/ca/ca_config.rb b/examples/ca/ca_config.rb
index 9ac7d4f..267a4bc 100644
--- a/examples/ca/ca_config.rb
+++ b/examples/ca/ca_config.rb
@@ -1,6 +1,14 @@
 class CAConfig
- NAME = [['C','JP'],['O', 'RRR'], ['OU','CA']]
- CERT_DAYS = 60
+ NAME = [['C','JP'],['O', 'JIN.GR.JP'], ['OU', 'RRR']]
+ CA_CERT_DAYS = 5 * 365
+ CA_RSA_KEY_LENGTH = 2048
+
+ CERT_DAYS = 365
+ CERT_KEY_LENGTH_MIN = 1024
+ CERT_KEY_LENGTH_MAX = 2048
+ CDP_LOCATION = 'URI:http://rrr.jin.gr.jp/crl/client.crl'
+ OCSP_LOCATION = 'URI:http://rrr.jin.gr.jp/ocsp'
+
 BASE_DIR = "/home/ca/ruby"
 KEYPAIR_FILE = "#{BASE_DIR}/private/cakeypair.pem"
 CERT_FILE = "#{BASE_DIR}/cacert.pem"
diff --git a/examples/ca/init_ca.rb b/examples/ca/init_ca.rb
index 00524ba..d9309ed 100755
--- a/examples/ca/init_ca.rb
+++ b/examples/ca/init_ca.rb
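Review bot: In examples/ca/ca_config.rb, `CERT_KEY_LENGTH_MIN = 1024` sets a floor that would let the CA certify 1024-bit keys for a full `CERT_DAYS = 365`, which is below what current guidance treats as acceptable for RSA. I would raise it to `CERT_KEY_LENGTH_MIN = 2048` and lift `CERT_KEY_LENGTH_MAX` accordingly so the range is not a single value. The constants presumably bound the key sizes accepted in signing requests, but the code that enforces them is not part of this diff, so a comment such as `# Accepted RSA key size range (bits) for certificates issued by this CA` above the pair would make the intent explicit.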
@@ -8,25 +8,26 @@ include OpenSSL $stdout.sync = true print "Generating CA keypair: " -keypair = PKey::RSA.new(2048){ putc "." } +keypair = PKey::RSA.new(CAConfig::CA_RSA_KEY_LENGTH) { putc "." } putc "\n" cert = X509::Certificate.new -name = CAConfig::NAME.dup << ['CN','RubyCA'] +name = CAConfig::NAME.dup << ['CN','CA'] cert.subject = cert.issuer = X509::Name.new(name) cert.not_before = Time.now -cert.not_after = Time.now + 60 * 24 * 60 * 60 +cert.not_after = Time.now + CAConfig::CA_CERT_DAYS * 24 * 60 * 60 cert.public_key = keypair.public_key -cert.serial = 0x1000 +cert.serial = 0x0 cert.version = 2 # X509v3 +key_usage = ["cRLSign", "keyCertSign"] ef = X509::ExtensionFactory.new ef.subject_certificate = cert ef.issuer_certificate = cert # we needed subjectKeyInfo inside, now we have it ext1 = ef.create_extension("basicConstraints","CA:TRUE", true) ext2 = ef.create_extension("nsComment","Ruby/OpenSSL Generated Certificate") ext3 = ef.create_extension("subjectKeyIdentifier", "hash") -ext4 = ef.create_extension("keyUsage", "cRLSign,keyCertSign") +ext4 = ef.create_extension("keyUsage", key_usage.join(","), true) cert.extensions = [ext1, ext2, ext3, ext4] ext0 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always") cert.add_extension(ext0) |
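Review bot: `cert.serial = 0x0` gives the CA certificate a serial number of zero, while the PKIX profile (RFC 5280, section 4.1.2.2) requires the serial to be a positive integer, so some validators may reject or mishandle the certificate. Using `cert.serial = 1`, or a randomly generated positive value, avoids that. A smaller point in the same hunk: `cert.not_before` and `cert.not_after` each call `Time.now`, so capturing it once (`now = Time.now`) keeps the validity window exactly `CA_CERT_DAYS` long. The script continues outside the hunk, so the signing step and digest choice are not visible here.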