-
Notifications
You must be signed in to change notification settings - Fork 43
/
buying_ssl_cert.rb
34 lines (27 loc) · 1.1 KB
/
buying_ssl_cert.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
require "openssl"
# When you buy SSL certs from a CA, you can either memorize the impossible
# to memorize OpenSSL CLI, or use the logical and sound Ruby API.
# At the heart of a SSL cert is your own keypair. Generate it.
our_cert_keypair = OpenSSL::PKey::RSA.new(2048)
# We ship off a certificate request to the CA.
our_cert_req = OpenSSL::X509::Request.new
our_cert_req.subject = OpenSSL::X509::Name.new([
["C", "NO"],
["ST", "Oslo"],
["L", "Oslo"],
["O", "August Lilleaas"],
["CN", "*.augustl.com"]
])
our_cert_req.public_key = our_cert_keypair.public_key
our_cert_req.sign our_cert_keypair, OpenSSL::Digest::SHA256.new
# Send this file to the CA! There's probably a textarea in a form where
# they want you to paste in the certificate request - this is it.
File.open("/tmp/req.txt", "w+") do |f|
f.write our_cert_req.to_pem
end
# And we're done! You'll get the certificate itself from the CA, obviously.
# Also store the keypair to disk. Your SSL enabled server needs both the private
# key and the certificate.
File.open("/tmp/key.pem", "w+") do |f|
f.write our_cert_keypair.to_pem
end