Generate an SSL certificate signed by a custom CA with the same subject (common name, organization name, etc.) as the target cert.
```ruby
## Usage: forge_cert.rb CA.pem CA.key target.pem
##
## Generate an SSL certificate signed by a custom CA with the same
## subject (common name, organization name, etc.) as the target cert.
## This is useful when you need to man-in-the-middle an SSL connection
## and want to use custom certificates with an existing tool or roll
## your own.
##
## Certificate is written to standard out in PEM format.
require 'openssl'

if ARGV.length != 3
  puts "Usage: forge_cert.rb CA.pem CA.key target.pem"
  exit 1
end

ca_path, key_path, target_path = ARGV
# File.read avoids leaving open file handles behind
root_key = OpenSSL::PKey::RSA.new File.read(key_path)
root_ca = OpenSSL::X509::Certificate.new File.read(ca_path)
target = OpenSSL::X509::Certificate.new File.read(target_path)

# generate the forged cert
# The key pair is new; only the certificate is printed, the private key is not written out.
key = OpenSSL::PKey::RSA.new 2048
cert = OpenSSL::X509::Certificate.new
cert.version = 2 # value 2 means X.509 v3
cert.serial = 1 + Random.rand(1000) # RFC 5280 requires a positive serial
cert.subject = target.subject # copied from the target cert
cert.issuer = root_ca.subject # root CA is the issuer
cert.public_key = key.public_key
cert.not_before = Time.now
cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60 # 1 year validity

# ExtensionFactory.new takes (issuer_certificate, subject_certificate)
ef = OpenSSL::X509::ExtensionFactory.new root_ca, cert
# create_ext only builds an extension; add_extension attaches it to the cert
cert.add_extension ef.create_ext("keyUsage", "digitalSignature", true)
cert.add_extension ef.create_ext("subjectKeyIdentifier", "hash", false)
cert.add_extension ef.create_ext("basicConstraints", "CA:FALSE", false)

cert.sign(root_key, OpenSSL::Digest::SHA256.new)
puts cert.to_pem
```
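The script copies only the target's subject; the issuer and the key pair are new. The following added example (not part of the original gist) shows what a client-side check sees for such a look-alike: the subject comparison passes while the issuer and public key pin comparisons fail. The helper names `spki_pin`, `compare_certs`, `sample_cert` and `demo`, and all certificate names, are hypothetical, and the certificates are constructed in memory.

```ruby
require 'openssl'
require 'base64'

# Base64 SHA-256 of the SubjectPublicKeyInfo: the value a public key pin stores.
def spki_pin(cert)
  Base64.strict_encode64(OpenSSL::Digest::SHA256.digest(cert.public_key.to_der))
end

# Compare the certificate a server presented with the known-good one.
def compare_certs(expected, presented)
  {
    subject_matches: expected.subject.to_der == presented.subject.to_der,
    issuer_matches:  expected.issuer.to_der == presented.issuer.to_der,
    pin_matches:     spki_pin(expected) == spki_pin(presented)
  }
end

# Builds a constructed sample certificate in memory (hypothetical helper).
def sample_cert(subject, issuer, leaf_key, signing_key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = OpenSSL::BN.rand(64).to_i
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = OpenSSL::X509::Name.parse(issuer)
  cert.public_key = leaf_key.public_key
  cert.not_before = Time.now
  cert.not_after = cert.not_before + 3600
  cert.sign(signing_key, OpenSSL::Digest.new('SHA256'))
end

# Constructed data: one "genuine" cert and one with the same subject from another CA.
def demo
  subject = '/CN=www.example.test/O=Example Org'
  genuine = sample_cert(subject, '/CN=Constructed Public CA',
                        OpenSSL::PKey::RSA.new(2048), OpenSSL::PKey::RSA.new(2048))
  lookalike = sample_cert(subject, '/CN=Constructed Test CA',
                          OpenSSL::PKey::RSA.new(2048), OpenSSL::PKey::RSA.new(2048))
  { same: compare_certs(genuine, genuine), lookalike: compare_certs(genuine, lookalike) }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

A client that validates only the chain and hostname accepts the look-alike once the custom CA is in its trust store; a pin on the SubjectPublicKeyInfo hash still rejects it.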