minimal.rb

#!/usr/bin/env ruby

PROJECT_ROOT = File.expand_path('../..', __FILE__)

$:.unshift File.join(PROJECT_ROOT, 'lib')

require 'ssl'
require 'ssl/cli'

require 'certificate_authority'
root = CertificateAuthority::Certificate.new
root.subject.common_name= "http://mydomain.com"
root.serial_number.number=1
root.key_material.generate_key
root.signing_entity = true
signing_profile = {"extensions" => {"keyUsage" => {"usage" => ["critical", "keyCertSign"] }} }
root.sign!(signing_profile)

new_root = CertificateAuthority::Certificate.new
new_root.subject.common_name = root.subject.common_name
new_root.key_material.public_key = root.key_material.public_key
new_root.key_material.private_key = root.key_material.private_key

root_path = File.join(PROJECT_ROOT, "tmp", "root.pem")

File.open(root_path, "w") do |f|
  f.write(root.to_pem)
end

intermediate = CertificateAuthority::Certificate.new
intermediate.subject.common_name= "My snazzy intermediate!"
intermediate.serial_number.number=2
intermediate.key_material.generate_key
intermediate.signing_entity = true
intermediate.parent = new_root
signing_profile = {"extensions" => {"keyUsage" => {"usage" => ["critical", "keyCertSign"] }} }
intermediate.sign!(signing_profile)

intermediate_path = File.join(PROJECT_ROOT, "tmp", "intermediate.pem")

File.open(intermediate_path, "w") do |f|
  f.write(intermediate.to_pem)
end

exec("openssl verify -verbose -CAfile #{root_path} #{intermediate_path}")