Hexa · August 29, 2015 14:24
diff --git a/gistfile1.rb b/gistfile1.rb
 #!/usr/bin/env ruby
 # -*- coding: utf-8 -*-

 require 'openssl'

 # ルート
 old_root_ca_private_key = OpenSSL::PKey::RSA.new(2048)
 old_root_ca_cert = OpenSSL::X509::Certificate.new
 old_root_ca_cert.version = 2
 issuer = subject = OpenSSL::X509::Name.new
 issuer.add_entry('CN', 'Old Root')
 old_root_ca_cert.issuer = issuer
 old_root_ca_cert.subject = subject

 now = Time.now
 old_root_ca_cert.not_before = now
 old_root_ca_cert.not_after = now + 7 * 24 * 60 * 60

 old_root_ca_cert.serial = 1
 old_root_ca_cert.public_key = old_root_ca_private_key
 extension_factory = OpenSSL::X509::ExtensionFactory.new
 old_root_ca_cert.add_extension(extension_factory.create_ext('basicConstraints', 'CA:TRUE', true))

 md5 = OpenSSL::Digest::MD5.new
 old_root_ca_cert.sign(old_root_ca_private_key, md5)

 puts old_root_ca_cert.to_text

 File.open('old_root.pem', 'wb') do |file|
 file.puts old_root_ca_cert.to_text
 file.puts old_root_ca_cert.to_pem
 end

 File.open('old_root.key', 'wb') do |file|
 file.puts old_root_ca_private_key.to_pem
 end


 # 中間
 ca_private_key = OpenSSL::PKey::RSA.new(2048)
 ca_cert = OpenSSL::X509::Certificate.new
 ca_cert.version = 2
 subject = OpenSSL::X509::Name.new
 subject.add_entry('CN', 'CA')
 ca_cert.issuer = issuer
 ca_cert.subject = subject

 ca_cert.not_before = now
 ca_cert.not_after = now + 7 * 24 * 60 * 60

 ca_cert.serial = 2
 ca_cert.public_key = ca_private_key
 ca_cert.add_extension(extension_factory.create_ext('basicConstraints', 'CA:TRUE, pathlen:0', true))

 sha256 = OpenSSL::Digest::SHA256.new
 ca_cert.sign(old_root_ca_private_key, sha256)

 puts ca_cert.to_text
 File.open('ca.pem', 'wb') do |file|
 file.puts ca_cert.to_text
 file.puts ca_cert.to_pem
 end

 File.open('ca.key', 'wb') do |file|
 file.puts ca_private_key.to_pem
 end


 # サーバ
 server_private_key = OpenSSL::PKey::RSA.new(2048)
 server_cert = OpenSSL::X509::Certificate.new
 server_cert.version = 2
 server_subject = OpenSSL::X509::Name.new
 server_subject.add_entry('CN', 'www.example.com')
 server_cert.issuer = subject
 server_cert.subject = server_subject

 server_cert.not_before = now
 server_cert.not_after = now + 7 * 24 * 60 * 60

 server_cert.serial = 3
 server_cert.public_key = server_private_key
 server_cert.add_extension(extension_factory.create_ext('basicConstraints', 'CA:FALSE', true))
 server_cert.add_extension(extension_factory.create_ext('extendedKeyUsage', 'TLS Web Server Authentication, TLS Web Client Authentication'))
 server_cert.add_extension(extension_factory.create_ext('keyUsage', 'Digital Signature, Key Encipherment', true))

 server_cert.sign(ca_private_key, sha256)

 puts server_cert.to_text
 File.open('server.pem', 'wb') do |file|
 file.puts server_cert.to_text
 file.puts server_cert.to_pem
 end

 File.open('server.key', 'wb') do |file|
 file.puts server_private_key.to_pem
 end



 # 新ルート
 new_root_ca_private_key = OpenSSL::PKey::RSA.new(2048)
 new_root_ca_cert = OpenSSL::X509::Certificate.new
 new_root_ca_cert.version = 2
 issuer = subject = OpenSSL::X509::Name.new
 issuer.add_entry('CN', 'New Root')
 new_root_ca_cert.issuer = issuer
 new_root_ca_cert.subject = subject

 new_root_ca_cert.not_before = now
 new_root_ca_cert.not_after = now + 7 * 24 * 60 * 60

 new_root_ca_cert.serial = 1
 new_root_ca_cert.public_key = new_root_ca_private_key
 extension_factory = OpenSSL::X509::ExtensionFactory.new
 new_root_ca_cert.add_extension(extension_factory.create_ext('basicConstraints', 'CA:TRUE', true))

 new_root_ca_cert.sign(new_root_ca_private_key, sha256)

 puts new_root_ca_cert.to_text
 File.open('new_root.pem', 'wb') do |file|
 file.puts new_root_ca_cert.to_text
 file.puts new_root_ca_cert.to_pem
 end

 File.open('new_root.key', 'wb') do |file|
 file.puts new_root_ca_private_key.to_pem
 end


 # クロス
 cross_ca_cert = OpenSSL::X509::Certificate.new
 cross_ca_cert.version = 2
 subject = OpenSSL::X509::Name.new
 subject.add_entry('CN', 'Old Root')
 cross_ca_cert.issuer = issuer
 cross_ca_cert.subject = subject

 cross_ca_cert.not_before = now
 cross_ca_cert.not_after = now + 7 * 24 * 60 * 60

 cross_ca_cert.serial = 2
 cross_ca_cert.public_key = old_root_ca_private_key
 cross_ca_cert.add_extension(extension_factory.create_ext('basicConstraints', 'CA:TRUE, pathlen:1', true))

 cross_ca_cert.sign(new_root_ca_private_key, sha256)

 puts cross_ca_cert.to_text
 File.open('cross_ca.pem', 'wb') do |file|
 file.puts cross_ca_cert.to_text
 file.puts cross_ca_cert.to_pem
 end

 File.open('cross_ca.key', 'wb') do |file|
 file.puts old_root_ca_private_key.to_pem
 end
	#!/usr/bin/env ruby
	# -- coding: utf-8 --

	require 'openssl'

	# ルート
	old_root_ca_private_key = OpenSSL::PKey::RSA.new(2048)
	old_root_ca_cert = OpenSSL::X509::Certificate.new
	old_root_ca_cert.version = 2
	issuer = subject = OpenSSL::X509::Name.new
	issuer.add_entry('CN', 'Old Root')
	old_root_ca_cert.issuer = issuer
	old_root_ca_cert.subject = subject

	now = Time.now
	old_root_ca_cert.not_before = now
	old_root_ca_cert.not_after = now + 7 * 24 * 60 * 60

	old_root_ca_cert.serial = 1
	old_root_ca_cert.public_key = old_root_ca_private_key
	extension_factory = OpenSSL::X509::ExtensionFactory.new
	old_root_ca_cert.add_extension(extension_factory.create_ext('basicConstraints', 'CA:TRUE', true))

	md5 = OpenSSL::Digest::MD5.new
	old_root_ca_cert.sign(old_root_ca_private_key, md5)

	puts old_root_ca_cert.to_text

	File.open('old_root.pem', 'wb') do \|file\|
	file.puts old_root_ca_cert.to_text
	file.puts old_root_ca_cert.to_pem
	end

	File.open('old_root.key', 'wb') do \|file\|
	file.puts old_root_ca_private_key.to_pem
	end


	# 中間
	ca_private_key = OpenSSL::PKey::RSA.new(2048)
	ca_cert = OpenSSL::X509::Certificate.new
	ca_cert.version = 2
	subject = OpenSSL::X509::Name.new
	subject.add_entry('CN', 'CA')
	ca_cert.issuer = issuer
	ca_cert.subject = subject

	ca_cert.not_before = now
	ca_cert.not_after = now + 7 * 24 * 60 * 60

	ca_cert.serial = 2
	ca_cert.public_key = ca_private_key
	ca_cert.add_extension(extension_factory.create_ext('basicConstraints', 'CA:TRUE, pathlen:0', true))

	sha256 = OpenSSL::Digest::SHA256.new
	ca_cert.sign(old_root_ca_private_key, sha256)

	puts ca_cert.to_text
	File.open('ca.pem', 'wb') do \|file\|
	file.puts ca_cert.to_text
	file.puts ca_cert.to_pem
	end

	File.open('ca.key', 'wb') do \|file\|
	file.puts ca_private_key.to_pem
	end


	# サーバ
	server_private_key = OpenSSL::PKey::RSA.new(2048)
	server_cert = OpenSSL::X509::Certificate.new
	server_cert.version = 2
	server_subject = OpenSSL::X509::Name.new
	server_subject.add_entry('CN', 'www.example.com')
	server_cert.issuer = subject
	server_cert.subject = server_subject

	server_cert.not_before = now
	server_cert.not_after = now + 7 * 24 * 60 * 60

	server_cert.serial = 3
	server_cert.public_key = server_private_key
	server_cert.add_extension(extension_factory.create_ext('basicConstraints', 'CA:FALSE', true))
	server_cert.add_extension(extension_factory.create_ext('extendedKeyUsage', 'TLS Web Server Authentication, TLS Web Client Authentication'))
	server_cert.add_extension(extension_factory.create_ext('keyUsage', 'Digital Signature, Key Encipherment', true))

	server_cert.sign(ca_private_key, sha256)

	puts server_cert.to_text
	File.open('server.pem', 'wb') do \|file\|
	file.puts server_cert.to_text
	file.puts server_cert.to_pem
	end

	File.open('server.key', 'wb') do \|file\|
	file.puts server_private_key.to_pem
	end



	# 新ルート
	new_root_ca_private_key = OpenSSL::PKey::RSA.new(2048)
	new_root_ca_cert = OpenSSL::X509::Certificate.new
	new_root_ca_cert.version = 2
	issuer = subject = OpenSSL::X509::Name.new
	issuer.add_entry('CN', 'New Root')
	new_root_ca_cert.issuer = issuer
	new_root_ca_cert.subject = subject

	new_root_ca_cert.not_before = now
	new_root_ca_cert.not_after = now + 7 * 24 * 60 * 60

	new_root_ca_cert.serial = 1
	new_root_ca_cert.public_key = new_root_ca_private_key
	extension_factory = OpenSSL::X509::ExtensionFactory.new
	new_root_ca_cert.add_extension(extension_factory.create_ext('basicConstraints', 'CA:TRUE', true))

	new_root_ca_cert.sign(new_root_ca_private_key, sha256)

	puts new_root_ca_cert.to_text
	File.open('new_root.pem', 'wb') do \|file\|
	file.puts new_root_ca_cert.to_text
	file.puts new_root_ca_cert.to_pem
	end

	File.open('new_root.key', 'wb') do \|file\|
	file.puts new_root_ca_private_key.to_pem
	end


	# クロス
	cross_ca_cert = OpenSSL::X509::Certificate.new
	cross_ca_cert.version = 2
	subject = OpenSSL::X509::Name.new
	subject.add_entry('CN', 'Old Root')
	cross_ca_cert.issuer = issuer
	cross_ca_cert.subject = subject

	cross_ca_cert.not_before = now
	cross_ca_cert.not_after = now + 7 * 24 * 60 * 60

	cross_ca_cert.serial = 2
	cross_ca_cert.public_key = old_root_ca_private_key
	cross_ca_cert.add_extension(extension_factory.create_ext('basicConstraints', 'CA:TRUE, pathlen:1', true))

	cross_ca_cert.sign(new_root_ca_private_key, sha256)

	puts cross_ca_cert.to_text
	File.open('cross_ca.pem', 'wb') do \|file\|
	file.puts cross_ca_cert.to_text
	file.puts cross_ca_cert.to_pem
	end

	File.open('cross_ca.key', 'wb') do \|file\|
	file.puts old_root_ca_private_key.to_pem
	end