Diffstat (limited to 'examples/gen_ca_cert.rb')
-rwxr-xr-x | examples/gen_ca_cert.rb | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/examples/gen_ca_cert.rb b/examples/gen_ca_cert.rb
new file mode 100755
index 0000000..798a323
--- /dev/null
+++ b/examples/gen_ca_cert.rb
@@ -0,0 +1,39 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include X509
+include PKey
+
+p key = RSA.new(2048)
+p new = Certificate.new
+name = [['C', 'CZ'],['O','Ruby'],['CN','RubyCA']]
+p new.subject = Name.new(name)
+p new.issuer = Name.new(name)
+p new.not_before = Time.now
+p new.not_after = Time.now + (2*365*24*60*60)
+p new.public_key = key
+p new.serial = 0
+p new.version = 2
+ef = ExtensionFactory.new
+ef.subject_certificate = new
+p ext1 = ef.create_extension("basicConstraints","CA:TRUE,pathlen:0")
+p ext2 = ef.create_extension("nsComment","Generated by OpenSSL for Ruby.")
+p ext3 = ef.create_extension("subjectKeyIdentifier", "hash")
+new.extensions = [ext1, ext2, ext3]
+ef.issuer_certificate = new # we needed subjectKeyInfo inside, now we have it
+p ext4 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+p new.add_extension(ext4)
+p new.sign(key, Digest::SHA1.new)
+
+f = File.new("./#{new.serial}cert.pem","w")
+f.write new.to_pem
+f.close
+
+puts "Enter Password:"
+p pass = gets.chop!
+
+f = File.new("./#{new.serial}key.pem", "w")
+f.write key.export(Cipher::DES.new(Cipher::EDE3, Cipher::CBC), pass)
+f.close
+
|
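Review bot: The passphrase prompt at the end of the script echoes the input and then prints it again through `p pass = gets.chop!`, and the key file is opened with `File.new(..., "w")`, so its mode comes from the umask and the CA private key can end up readable by other users. I would read the passphrase without echo (`STDIN.noecho` from `io/console`, where the Ruby in use ships it; the script would have to require it), refuse an empty one, and create the file with mode 0600 in block form so it is closed even if `export` raises. Note that the mode argument only applies when the file is created, so a pre-existing key file keeps its old permissions. Separately, `new.sign(key, Digest::SHA1.new)` and the 3DES wrapping are weak choices for an example people will copy; if the OpenSSL binding in use provides SHA-256 and an AES cipher, those should be used instead.

```ruby
# … unchanged: key generation, certificate fields, extensions, cert.pem write …

puts "Enter Password:"
pass = STDIN.noecho(&:gets).to_s.chomp   # not echoed, and no longer printed via p
abort "empty passphrase, key not written" if pass.empty?

# 0600 at creation time so the key is never readable by other users
File.open("./#{new.serial}key.pem", "w", 0600) do |f|
  f.write key.export(Cipher::DES.new(Cipher::EDE3, Cipher::CBC), pass)
end
```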