aboutsummaryrefslogtreecommitdiffstats
path: root/examples/gen_ca_cert.rb
diff options
context:
space:
mode:
Diffstat (limited to 'examples/gen_ca_cert.rb')
-rwxr-xr-xexamples/gen_ca_cert.rb39
1 files changed, 39 insertions, 0 deletions
diff --git a/examples/gen_ca_cert.rb b/examples/gen_ca_cert.rb
new file mode 100755
index 0000000..798a323
--- /dev/null
+++ b/examples/gen_ca_cert.rb
@@ -0,0 +1,39 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include X509
+include PKey
+
+p key = RSA.new(2048)
+p new = Certificate.new
+name = [['C', 'CZ'],['O','Ruby'],['CN','RubyCA']]
+p new.subject = Name.new(name)
+p new.issuer = Name.new(name)
+p new.not_before = Time.now
+p new.not_after = Time.now + (2*365*24*60*60)
+p new.public_key = key
+p new.serial = 0
+p new.version = 2
+ef = ExtensionFactory.new
+ef.subject_certificate = new
+p ext1 = ef.create_extension("basicConstraints","CA:TRUE,pathlen:0")
+p ext2 = ef.create_extension("nsComment","Generated by OpenSSL for Ruby.")
+p ext3 = ef.create_extension("subjectKeyIdentifier", "hash")
+new.extensions = [ext1, ext2, ext3]
+ef.issuer_certificate = new # we needed subjectKeyInfo inside, now we have it
+p ext4 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+p new.add_extension(ext4)
+p new.sign(key, Digest::SHA1.new)
+
+f = File.new("./#{new.serial}cert.pem","w")
+f.write new.to_pem
+f.close
+
+puts "Enter Password:"
+p pass = gets.chop!
+
+f = File.new("./#{new.serial}key.pem", "w")
+f.write key.export(Cipher::DES.new(Cipher::EDE3, Cipher::CBC), pass)
+f.close
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-11 12:16:54 +0000