-
-
Save dkam/a1c656596fe1b08d4f8f to your computer and use it in GitHub Desktop.
create a self-signed certificate using ruby-openssl
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'rubygems' | |
| require 'openssl' | |
| def create_self_signed_cert(bits=2048) | |
| key = OpenSSL::PKey::RSA.new(2048) | |
| public_key = key.public_key | |
| subject = "/C=BE/O=Fable/OU=Fable/CN=Fable" | |
| cert = OpenSSL::X509::Certificate.new | |
| cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject) | |
| cert.not_before = Time.now | |
| cert.not_after = Time.now + 365 * 24 * 60 * 60 | |
| cert.public_key = public_key | |
| cert.serial = 0x0 | |
| cert.version = 2 | |
| ef = OpenSSL::X509::ExtensionFactory.new | |
| ef.subject_certificate = cert | |
| ef.issuer_certificate = cert | |
| cert.extensions = [ | |
| ef.create_extension("basicConstraints","CA:TRUE", true), | |
| ef.create_extension("subjectKeyIdentifier", "hash"), | |
| # ef.create_extension("keyUsage", "cRLSign,keyCertSign", true), | |
| ] | |
| cert.add_extension ef.create_extension("authorityKeyIdentifier", | |
| "keyid:always,issuer:always") | |
| cert.sign key, OpenSSL::Digest::SHA256.new | |
| return cert, key | |
| end |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # From https://github.com/ruby/ruby/blob/trunk/lib/webrick/ssl.rb | |
| require 'openssl' | |
| def create_self_signed_cert(bits, cn, comment) | |
| rsa = OpenSSL::PKey::RSA.new(bits){|p, n| | |
| case p | |
| when 0; $stderr.putc "." # BN_generate_prime | |
| when 1; $stderr.putc "+" # BN_generate_prime | |
| when 2; $stderr.putc "*" # searching good prime, | |
| # n = #of try, | |
| # but also data from BN_generate_prime | |
| when 3; $stderr.putc "\n" # found good prime, n==0 - p, n==1 - q, | |
| # but also data from BN_generate_prime | |
| else; $stderr.putc "*" # BN_generate_prime | |
| end | |
| } | |
| cert = OpenSSL::X509::Certificate.new | |
| cert.version = 2 | |
| cert.serial = 1 | |
| name = OpenSSL::X509::Name.new(cn) | |
| cert.subject = name | |
| cert.issuer = name | |
| cert.not_before = Time.now | |
| cert.not_after = Time.now + (365*24*60*60) | |
| cert.public_key = rsa.public_key | |
| ef = OpenSSL::X509::ExtensionFactory.new(nil,cert) | |
| ef.issuer_certificate = cert | |
| cert.extensions = [ | |
| ef.create_extension("basicConstraints","CA:FALSE"), | |
| ef.create_extension("keyUsage", "keyEncipherment"), | |
| ef.create_extension("subjectKeyIdentifier", "hash"), | |
| ef.create_extension("extendedKeyUsage", "serverAuth"), | |
| ef.create_extension("nsComment", comment), | |
| ] | |
| aki = ef.create_extension("authorityKeyIdentifier", | |
| "keyid:always,issuer:always") | |
| cert.add_extension(aki) | |
| cert.sign(rsa, OpenSSL::Digest::SHA1.new) | |
| return [ cert, rsa ] | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment