Set up your own Ruby-powered Certificate Authority (opens in new tab)

(langui.sh)

21 pointspennig13y ago2 comments

2 comments

You can also do this with OpenSSL's x509 code; we have a 50 line Ruby function that mints new validly-signed signatures from a CA=YES signature generated by the OpenSSL command line tools.

reaperhulk13y ago

Absolutely. r509 (which this tutorial uses) is fundamentally a wrapper around the OpenSSL bindings of Ruby. It doesn't do anything that you can't do without it; it just tries to present certificate generation/revocation/management in a simpler manner.

This is most evident in the OCSP responder, which leverages sections of the Ruby OpenSSL code that have...limited documentation (see: http://www.ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/Ope...)

j / k navigate · click thread line to collapse

2 comments

tptacek13y ago

You can also do this with OpenSSL's x509 code; we have a 50 line Ruby function that mints new validly-signed signatures from a CA=YES signature generated by the OpenSSL command line tools.

reaperhulk13y ago

This is most evident in the OCSP responder, which leverages sections of the Ruby OpenSSL code that have...limited documentation (see: http://www.ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/Ope...)

j / k navigate · click thread line to collapse