Ruby + openssl + self signed certificates = confusion

 
 
Neumann
08-11-2006
I'm trying to work a bit of CA ability into some code that I'm writing,
and I need to create a self-signed certificate. This is not going so
well. I'm able to create the certificate, and it seems to work OK,
until I save it. The sample code I use to create a test certificate is
as follows:

# Namespaces the snippet below assumes
require 'openssl'
include OpenSSL
include OpenSSL::X509

entries = {"countryName" => "USA", "stateOrProvinceName" => "New Mexico",
           "localityName" => "Albuquerque",
           "organizationName" => "That group of dudes",
           "organizationalUnitName" => "The cool dudes",
           "commonName" => "William D. Neumann"}
keypair2048 = PKey::RSA.new(2048) { putc "." }
name = X509::Name.new()
entries.each { |_k,_v| name.add_entry(_k,_v) }
cert = Certificate.new
cert.public_key = keypair2048.public_key
cert.subject = name
cert.issuer = name
cert.version = 2
now = Time.now.utc
next_year = now + (365 * 24 * 60 * 60)
cert.not_before = now
cert.not_after = next_year
ef = ExtensionFactory.new
bc = ef.create_extension("basicConstraints", "CA:TRUE")
ku = ef.create_extension("keyUsage", "keyEncipherment, digitalSignature")
cert.extensions = [bc, ku]
cert.sign(keypair2048, Digest::SHA1.new)

Now, when I test the signature on this certificate, all is well:
irb(main):099:0> cert.verify cert.public_key
=> true

But if I save the certificate and read it back in, I have no such luck:
File.open("newcert.pem","w") do |_file|
_file << cert.to_pem
end

newcert = Certificate.new(File.read "newcert.pem")
irb(main):105:0> newcert.verify newcert.public_key
=> false
irb(main):106:0> newcert.verify cert.public_key
=> false

But oddly enough, this works.

irb(main):107:0> cert.verify newcert.public_key
=> true

Also, if I create a different certificate, and sign it using cert's
key, I can save it, read it back in and verify it with cert's public
key (and newcert's as well) just fine. Does anyone know what's going
on here with the self signed certificate?
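An added example, not part of the original post: a round-trip check for a self-signed certificate with Ruby's openssl library, comparing the DER encoding and the signature check before and after PEM serialization. The explicit serial number, two-letter country code, SHA-256 digest, constructed subject values and the helper names are assumptions of this example, not a diagnosis of the behaviour described above.

```ruby
require "openssl"

# Constructed sample subject (not the values from the post).
SUBJECT = [["C", "US"], ["ST", "New Mexico"],
           ["O", "Example Org"], ["CN", "Example Test CA"]].freeze

# Build a self-signed certificate with every field set before signing.
# Hypothetical helper; serial and lifetime defaults are assumed values.
def build_self_signed(key, entries, serial: 1, days: 365)
  name = OpenSSL::X509::Name.new
  entries.each { |k, v| name.add_entry(k, v) }

  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                     # X.509 v3
  cert.serial = serial                 # explicit serial number
  cert.subject = name
  cert.issuer = name                   # self-signed: issuer equals subject
  cert.public_key = key.public_key
  cert.not_before = Time.now.utc
  cert.not_after = cert.not_before + days * 24 * 60 * 60

  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyEncipherment, digitalSignature"))

  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Serialize to PEM, parse it back, and report whether anything changed.
def round_trip_report(cert)
  reloaded = OpenSSL::X509::Certificate.new(cert.to_pem)
  {
    same_der:      cert.to_der == reloaded.to_der,       # byte-identical encoding?
    verify_before: cert.verify(cert.public_key),         # in-memory object
    verify_after:  reloaded.verify(reloaded.public_key), # re-parsed object
    cross_verify:  reloaded.verify(cert.public_key)      # re-parsed cert, original key
  }
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  p round_trip_report(build_self_signed(key, SUBJECT))
end
```

If `same_der` is false, the bytes written to disk are not the bytes that were signed, which is the first thing to rule out when a certificate verifies in memory but not after reloading.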