saving an OpenSSL::X509::Certificate as PKCS#12?

Magnus Bodin

Mar 17, 2005, 11:48:15 AM

I want to create an X.509 certificate and save it as PKCS#12.
All in pure Ruby.

I've looked in the WEBrick and QuickCert sources, waded through
sources of openssl, stunnel and now ruby-1.8.2, but it is a little bit
hazy.

My guess is that I shall create a PKCS12-object of some sort and
initialize this with my already created X.509-cert, right?

How do I save it in PKCS#12-format, readable from e.g. firefox?

I've successfully created a cert and saved it as PEM with the
OpenSSL::X509::Certificate#to_pem, and then *converted* it on the
commandline with the openssl-tool. But I'd like to save it in the right
format directly from ruby.

Please advise or even better:
Please point me to the fine manual, because I cannot find it.

-- magnus


Magnus Bodin

Mar 19, 2005, 9:09:31 AM
On Fri, Mar 18, 2005 at 01:48:15AM +0900, Magnus Bodin wrote:
>
> I want to create an X.509 certificate and save it as PKCS#12.
> All in pure Ruby.

I guess I can't?
I guess I have to save it as PEM and then do a
'openssl pkcs12 -inkey mykey.pem -in mycert.pem -out mypair.p12 -export'

?

The silliness in this is that I will lose simplicity on the
win32 platform as I just want to install the one-click-installer. It
includes the openssl-libraries, but not the commandline tool. A pure
ruby totally independent solution would be much, much nicer.

-- magnus


GOTOU Yuuzou

Mar 19, 2005, 11:21:22 AM
Hi,

In message <20050317164...@bodin.org>,
`Magnus Bodin <mag...@bodin.org>' wrote:
> I want to create an X.509 certificate and save it as PKCS#12.
> All in pure Ruby.

OpenSSL::PKCS12.create is a wrapper of the PKCS12_create
function.

require "openssl"

# generate a key pair and build a self-signed certificate for it
pkey = OpenSSL::PKey::RSA.new(512)
cert = OpenSSL::X509::Certificate.new
cert.version = 1
cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/C=FOO")
cert.public_key = pkey.public_key
cert.not_before = Time.now
cert.not_after = Time.now+3600*24*365
cert.sign(pkey, OpenSSL::Digest::SHA1.new)
# arguments: passphrase, friendly name, private key, certificate
p12 = OpenSSL::PKCS12.create("passwd", "FriendlyName", pkey, cert)
# emit the DER-encoded PKCS#12 structure on stdout
print p12.to_der

--
gotoyuzo
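
Added example, not part of the original thread: the same OpenSSL::PKCS12.create call, extended to write the bundle to a file in binary mode (relevant on win32, where text-mode output would alter the DER bytes) and to re-open it with the passphrase to confirm that key and certificate match. The helper names, subject, file name and passphrase are constructed for illustration, and a 2048-bit key with SHA-256 is used here in place of the 512-bit key and SHA1 of the post above.

```ruby
require "openssl"
require "tmpdir"

# Self-signed X.509v3 certificate for +key+ (subject is a constructed sample).
def self_signed_cert(key, subject = "/C=SE/CN=example-user")
  name = OpenSSL::X509::Name.parse(subject)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                       # field value 2 means X.509v3
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name                    # self-signed
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 365 * 24 * 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Bundle key and certificate with PKCS12.create and write the DER bytes.
# "wb" prevents newline translation; mode 0600 because the file holds the private key.
def write_p12(path, passphrase, friendly_name, key, cert)
  p12 = OpenSSL::PKCS12.create(passphrase, friendly_name, key, cert)
  File.open(path, "wb", 0o600) { |f| f.write(p12.to_der) }
  path
end

# Re-open the file with the passphrase and check that the private key inside
# belongs to the certificate inside. A wrong passphrase raises
# OpenSSL::PKCS12::PKCS12Error.
def read_p12(path, passphrase)
  p12 = OpenSSL::PKCS12.new(File.binread(path), passphrase)
  unless p12.certificate.check_private_key(p12.key)
    raise ArgumentError, "private key does not match certificate"
  end
  p12
end

if __FILE__ == $PROGRAM_NAME
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = self_signed_cert(key)
  Dir.mktmpdir do |dir|
    path = write_p12(File.join(dir, "mypair.p12"), "constructed-passphrase", "FriendlyName", key, cert)
    p12  = read_p12(path, "constructed-passphrase")
    puts "#{File.size(path)} bytes, subject #{p12.certificate.subject}"
  end
end
```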


Magnus Bodin

Mar 20, 2005, 4:28:43 PM
On Sun, Mar 20, 2005 at 01:21:22AM +0900, GOTOU Yuuzou wrote:
>
> p12 = OpenSSL::PKCS12.create("passwd", "FriendlyName", pkey, cert)
> print p12.to_der

Thanks. This worked perfectly!

-- magnus
