nmcspadden/gist:331c408b03af58e1a20f

## gistfile1.rb
#Create keys
keypair = OpenSSL::PKey::RSA.new 2048

#Create CSR
name = OpenSSL::X509::Name.parse("CN=chef/DC=sacredsf/DC=org")
csr = OpenSSL::X509::Request.new
csr.version = 0
csr.subject = name
csr.public_key = keypair.public_key
csr.sign keypair, OpenSSL::Digest::SHA256.new

#Add extension requests
extensions = []
oid = '1.3.6.1.4.1.34380.1.2.1.1'
value = 'serial'
ext = OpenSSL::X509::Extension.new(oid, OpenSSL::ASN1::UTF8String.new(value.to_s).to_der, false)
extensions << ext
seq = OpenSSL::ASN1::Sequence(extensions)
ext_req = OpenSSL::ASN1::Set([seq])
csr.add_attribute(OpenSSL::X509::Attribute.new("extReq", ext_req))

open 'csr.csr', 'w' do |io| io.write csr.to_pem end

## gistfile2.txt
$ openssl req -text -noout -verify -in csr.csr

        Requested Extensions:
            1.3.6.1.4.1.34380.1.2.1.1:
                ..serial
	#Create keys
	keypair = OpenSSL::PKey::RSA.new 2048

	#Create CSR
	name = OpenSSL::X509::Name.parse("CN=chef/DC=sacredsf/DC=org")
	csr = OpenSSL::X509::Request.new
	csr.version = 0
	csr.subject = name
	csr.public_key = keypair.public_key
	csr.sign keypair, OpenSSL::Digest::SHA256.new

	#Add extension requests
	extensions = []
	oid = '1.3.6.1.4.1.34380.1.2.1.1'
	value = 'serial'
	ext = OpenSSL::X509::Extension.new(oid, OpenSSL::ASN1::UTF8String.new(value.to_s).to_der, false)
	extensions << ext
	seq = OpenSSL::ASN1::Sequence(extensions)
	ext_req = OpenSSL::ASN1::Set([seq])
	csr.add_attribute(OpenSSL::X509::Attribute.new("extReq", ext_req))

	open 'csr.csr', 'w' do \|io\| io.write csr.to_pem end
	$ openssl req -text -noout -verify -in csr.csr

	Requested Extensions:
	1.3.6.1.4.1.34380.1.2.1.1:
	..serial