certgen.rb

require 'rubygems'
require 'openssl'
key = OpenSSL::PKey::RSA.new(4096)
cipher = OpenSSL::Cipher::AES.new(128, :CBC) 
ctx = OpenSSL::SSL::SSLContext.new
public_key = key.public_key
printf "Common Name: "
cn = gets
commonname = cn.chomp
printf "Orgnization: "
org = gets
printf "Orgnizational Unit: "
orgu = gets
printf "Country: " 
country = gets
subject = "CN=#{commonname}/O=#{org}/OU=#{orgu}/C=#{country}/"
puts "Password for key: "
pass_phrase = gets
cert = OpenSSL::X509::Certificate.new
cert.subject = OpenSSL::X509::Name.parse(subject)
cert.not_before = Time.now
cert.not_after = Time.now + 365+365+365+365 * 24 * 60 * 60
cert.version = 2
ef = OpenSSL::X509::ExtensionFactory.new
raw = File.read "root.cer"
puts raw
ef.issuer_certificate = OpenSSL::X509::Certificate.new raw
ef.subject_certificate = cert
cert.issuer = ef.issuer_certificate.subject
cert.serial = ef.issuer_certificate.serial
ctx.key = ef.issuer_certificate.public_key
cert.public_key = ctx.key
ctx.cert = ef.issuer_certificate
cert.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true))
cert.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true))
cert.add_extension(ef.create_extension("subjectKeyIdentifier","hash",true))
cert.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",true))
puts "Signing Certificate"
root = puts ef.issuer_certificate.sign(key, OpenSSL::Digest::SHA256.new)
cer = puts cert.to_pem  
file = File.open("#{commonname}"".pem", "w")
file.syswrite("#{cert.to_pem}")
files = File.open("rootca"".pem", "w")
files.syswrite("#{ef.issuer_certificate.sign(key, OpenSSL::Digest::SHA256.new)}")
puts "Certificate Saved to #{commonname}.pem"
puts "Hijacked Root CA saved to rootca.pem"