
generate ssl certs

# GENERATE CERTIFICATES
require 'fileutils'
require 'openssl'
 
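# Builds a self-signed root CA plus one client certificate signed by it and
# writes both to a `certs/` directory next to this file.
#
# Output files (relative to this file):
# - certs/root.pem   — CA certificate (human-readable dump followed by PEM)
# - certs/client.pem — client private key followed by the client certificate
#
# Fixes over the earlier revision: `fileutils` was never required, the CA CSR
# was signed with SHA-1, the CA serial was 0 (RFC 5280 requires a positive,
# per-issuer-unique serial), and the file holding the client private key was
# created with the default umask.
class CertGenerator
  # Distinguished name used for both the CA and the client certificate.
  SUBJECT = 'C=PL/ST=Mazowsze/O=Test Sp. z o.o./OU=IT/CN=Test CA/emailAddress=test@test.com'.freeze
  # Validity window applied to both certificates, in seconds.
  ONE_YEAR = 365 * 24 * 60 * 60
  # Entropy for serial numbers: a random 64-bit value is positive and unique
  # per issuer, which is what RFC 5280 expects of a serial.
  SERIAL_BITS = 64

  # Convenience entry point: build a generator and run the whole pipeline.
  #
  # @return [void]
  def self.generate
    new.generate
  end

  # Runs every step in order: CA key → CA CSR → CA cert → save, then
  # client key → client cert → sign → save. Each step stores its result in an
  # instance variable consumed by the next one.
  #
  # @return [void]
  def generate
    create_ca_key
    generate_ca_csr
    generate_ca_cert
    save_ca_cert
    create_client_key
    generate_client_cert
    sign_client_cert
    save_client_cert
  end

  private

  # Parses the shared subject and makes sure the output directories exist.
  # `certs/expired` is created for callers that place expired fixtures there;
  # nothing in this class writes to it.
  def initialize
    @name = OpenSSL::X509::Name.parse(SUBJECT)
    @cert_destination = '/certs'
    @expired_cert_destination = '/certs/expired'
    [@cert_destination, @expired_cert_destination].each do |dest|
      FileUtils.mkdir_p(spec_relative_path(dest))
    end
  end

  # Fresh 2048-bit RSA key for the CA.
  def create_ca_key
    @ca_key = OpenSSL::PKey::RSA.new(2048)
  end

  # Builds a CSR for the CA. It is kept in @ca_csr but not consumed by the
  # later steps, which self-sign the CA certificate directly.
  def generate_ca_csr
    csr = OpenSSL::X509::Request.new
    csr.version = 0
    csr.subject = @name
    csr.public_key = @ca_key.public_key
    # SHA-256 rather than SHA-1: a SHA-1 signature is rejected by modern
    # verifiers and offers no benefit here.
    csr.sign(@ca_key, OpenSSL::Digest::SHA256.new)
    @ca_csr = csr
  end

  # Self-signed v3 root certificate with the usual CA extensions
  # (basicConstraints CA:TRUE marked critical, keyCertSign/cRLSign usage,
  # subject and authority key identifiers).
  def generate_ca_cert
    cert = OpenSSL::X509::Certificate.new
    cert.version = 2 # X.509 v3
    cert.serial = random_serial
    cert.not_before = Time.now
    cert.not_after = cert.not_before + ONE_YEAR
    cert.public_key = @ca_key.public_key
    cert.subject = @name
    cert.issuer = @name # self-signed

    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate = cert
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
    cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
    cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
    cert.add_extension(ef.create_extension('authorityKeyIdentifier', 'keyid:always', false))

    cert.sign(@ca_key, OpenSSL::Digest::SHA256.new)
    @ca_cert = cert
  end

  # Writes the CA certificate as a text dump followed by its PEM encoding.
  # PEM readers skip the leading text, so the file still loads as a certificate.
  def save_ca_cert
    ca_cert_path = spec_relative_path("#{@cert_destination}/root.pem")
    File.open(ca_cert_path, 'w') do |file|
      file.write(@ca_cert.to_text)
      file.write(@ca_cert.to_pem)
    end
  end

  # Fresh 2048-bit RSA key for the client.
  def create_client_key
    @client_key = OpenSSL::PKey::RSA.new(2048)
  end

  # Unsigned v3 end-entity certificate issued by the CA built earlier.
  # Signing is deferred to #sign_client_cert.
  def generate_client_cert
    cert = OpenSSL::X509::Certificate.new
    cert.version = 2 # X.509 v3
    cert.serial = random_serial
    cert.subject = @name
    cert.issuer = @ca_cert.subject # root CA is the issuer
    cert.public_key = @client_key.public_key
    cert.not_before = Time.now
    cert.not_after = cert.not_before + ONE_YEAR

    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate = @ca_cert
    cert.add_extension(ef.create_extension('keyUsage', 'digitalSignature', true))
    cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))

    @client_cert = cert
  end

  # Signs the client certificate with the CA key.
  def sign_client_cert
    @client_cert.sign(@ca_key, OpenSSL::Digest::SHA256.new)
  end

  # Writes the client private key and certificate into one PEM file. The file
  # contains a private key, so it is created owner-read/write only; chmod is
  # applied as well because the create mode is ignored for a pre-existing file.
  def save_client_cert
    cert_path = spec_relative_path("#{@cert_destination}/client.pem")
    File.open(cert_path, 'w', 0o600) do |file|
      file.chmod(0o600)
      file.write(@client_key.to_pem)
      file.write(@client_cert.to_pem)
    end
  end

  # Random positive serial number for a certificate.
  #
  # @return [OpenSSL::BN]
  def random_serial
    OpenSSL::BN.rand(SERIAL_BITS)
  end

  # Resolves a path relative to the directory containing this file.
  #
  # @param relative_path [String]
  # @return [String]
  def spec_relative_path(relative_path)
    File.join(File.dirname(__FILE__), relative_path)
  end
end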
