Ruby script for creating TLS certificates

Ruby
#1

Hi, I’ve coded a Ruby script that creates autosigned TLS certificates
(with advanced features such as SubjectAltName fields for “DNS” and
“URI:sip” values). It’s inspired in a tool within Vines project [*]
and available here:

https://gist.github.com/1352927

However, I would also like to modify the script in order to just
generate a NOT signed certificate, so I can give it to a CA (Verisign,
Thawe…) and ask it to sign it (by paying of course). I think that
this would be achived just by removing all the lines in the script
containing “key” word. Am I correct? or should I do something else?

Thanks a lot.

[*] https://github.com/negativecode/vines

#2

You actually send them what is called a certificate signing request
(CSR).
The OpenSSL::X509::Request class can be used to generate this for you.
It
is signed with your key and includes the public part of the key so that
the
CA can give you a certificate for it.

#3

2011/11/9 John D. [email protected]:

You actually send them what is called a certificate signing request (CSR).
The OpenSSL::X509::Request class can be used to generate this for you. It
is signed with your key and includes the public part of the key so that the
CA can give you a certificate for it.

Good to know :slight_smile:

Thanks a lot.

#4

2011/11/10 Martin Boßlet [email protected]:

You may find an example of how to use X509::Request at

http://www.ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL.html

Oh, Ruby OpenSSL doc has been nicely improved :slight_smile:

Thanks a lot.

#5

2011/11/9 Iaki Baz C. [email protected]:

2011/11/9 John D. [email protected]:

You actually send them what is called a certificate signing request (CSR).
The OpenSSL::X509::Request class can be used to generate this for you. It
is signed with your key and includes the public part of the key so that the
CA can give you a certificate for it.

Good to know :slight_smile:

Thanks a lot.

You may find an example of how to use X509::Request at

http://www.ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL.html

and further examples can be found in the tests:

https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509req.rb

Regards,
Martin