我正在尝试在ruby中生成自签名证书,但遇到了麻烦 . 这就是我现在所拥有的:
require 'openssl'
if ARGV.length != 3 then
puts "USAGE: #{__FILE__} <type[der|pem]> <private-out> <public-out>"
exit
end
type = ARGV[0].downcase
privateKeyFile = ARGV[1]
publicKeyFile = ARGV[2]
values = [{ 'C' => 'US'},
{'ST' => 'SomeState'},
{ 'L' => 'SomeCity'},
{ 'O' => 'Organization'},
{'OU' => 'Organizational Unit'},
{'CN' => "somesite.com"}]
name = values.collect{ |l| l.collect { |k, v| "/#{k}=#{v}" }.join }.join
key = OpenSSL::PKey::RSA.generate(1024)
pub = key.public_key
ca = OpenSSL::X509::Name.parse(name)
cert = OpenSSL::X509::Certificate.new
cert.version = 2
cert.serial = 1
cert.subject = ca
cert.issuer = ca
cert.public_key = pub
cert.not_before = Time.now
cert.not_before = Time.now + (360 * 24 * 3600)
File.open(privateKeyFile + "." + type, "w") {|f| f.write key.send("to_#{type}") }
File.open(publicKeyFile + "." + type, "w") {|f| f.write cert.send("to_#{type}") }
当我尝试在apache中使用生成的私钥和证书时,我收到此错误:
[Thu Mar 04 10:58:44 2010] [error] Init: Unable to read server certificate from file /etc/ssl/certs/gnarly.pem
[Thu Mar 04 10:58:44 2010] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Mar 04 10:58:44 2010] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
这是我的证书所说的:
-----BEGIN CERTIFICATE-----
<lots of stuff>
-----END CERTIFICATE-----
它自称为证书而不是CSR,这就是我在网上找到的大部分内容都说明了apache2错误(我可能已经将CSR和CERT混淆了) . 我的猜测是我没有生成正确类型的证书 . 也许我必须更改序列或版本属性 . 另外,我不会在任何地方进行任何自我签名,而不是我所知道的 . 我知道你可以这样做:
require "openssl"
key = OpenSSL::PKey::RSA.generate(1024)
signature = key.sign(OpenSSL::Digest::SHA1.new, "data to sign")
提醒:我的目标是生成一个自签名证书,以防我的长期问题失去焦点 .
编辑:我想真正的问题是如何用密钥签署证书
3 回答
我从我在Google搜索中找到的直接从nickyp's gist提取的代码创建了一个帮助类 . 你需要的唯一依赖是openssl gem(
gem install openssl
)Usage:
Output:
webrick/ssl
中有一个create_self_signed_cert
方法,它易于理解和有用 .我已经使用OpenSSL找到了几个非常好的示例来源:
http://snippets.dzone.com/posts/show/6309
http://projects.reductivelabs.com/projects/puppet/repository/revisions/master/entry/lib/puppet/sslcertificates.rb
http://projects.reductivelabs.com/projects/puppet/repository/revisions/master/entry/lib/puppet/sslcertificates/ca.rb
http://projects.reductivelabs.com/projects/puppet/repository/revisions/master/entry/lib/puppet/sslcertificates/certificate.rb
我还没有找到任何好的文档,尽管我认为写下示例中的内容并不需要太长时间 .
我也想出了如何从puppet源代码中做我想做的事情 . 希望这可以帮助那些对ruby中缺少OpenSSL文档感到沮丧的人 .