Created
April 13, 2016 20:23
-
-
Save rhenning/920bb6eede6be19f640149229470d76b to your computer and use it in GitHub Desktop.
Ruby CSR2CRT test CA signer with CN/SAN rewriting (ala some CAs)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'r509' | |
| csr = R509::CSR.new(csr: File.read(ARGV[0])) | |
| ca_csr = R509::CSR.new( | |
| subject: { | |
| CN: 'www.weblinc.com', | |
| O: 'WebLinc Corp', | |
| C: 'US', | |
| ST: 'Pennsylvania', | |
| L: 'Philadelphia' | |
| } | |
| ) | |
| ca_cert = R509::CertificateAuthority::Signer.selfsign(csr: ca_csr) | |
| ca = R509::CertificateAuthority::Signer.new( | |
| R509::Config::CAConfig.new( | |
| ca_cert: R509::Cert.new( | |
| cert: ca_cert.to_pem, | |
| key: ca_csr.key.to_pem | |
| ) | |
| ) | |
| ) | |
| subject = csr.subject.dup | |
| sans = [{ type: 'DNS', value: subject.common_name.dup }] | |
| sans << | |
| if subject.common_name.start_with?('www.') | |
| { type: 'DNS', value: subject.common_name.sub(/^www\./, '') } | |
| else | |
| { type: 'DNS', value: "www.#{subject.common_name}" } | |
| end | |
| ## we've received certificates from some CAs that | |
| ## "adjust" the CN for some terrible reason, so | |
| ## remove the leading www. from the CN if imitating godaddy | |
| if ARGV.include?('--godaddify') | |
| subject.common_name.sub!(/^www\./, '') | |
| end | |
| exts = [] | |
| exts << R509::Cert::Extensions::BasicConstraints.new(ca: false) | |
| exts << R509::Cert::Extensions::SubjectAlternativeName.new(value: sans) | |
| cert = ca.sign( | |
| csr: csr, | |
| subject: subject, | |
| extensions: exts | |
| ) | |
| File.open('site.crt', 'w') do |f| | |
| f.write(cert.to_pem) | |
| end | |
| puts 'Wrote certificate to site.crt!' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment