saving a OpenSSL::X509::Certificate as PKCS#12?

Discussion in 'Ruby' started by Magnus Bodin, Mar 17, 2005.

  1. Magnus Bodin

    Magnus Bodin Guest

    I want to create a X.509 certificate and save it as PKCS#12.
    All in pure Ruby.

    I've looked in the WEBrick and QuickCert sources, waded through
    sources of openssl, stunnel and now ruby-1.8.2, but it is a little bit
    hazy.

    My guess is that I shall create a PKCS12-object of some sort and
    initialize this with my already created X.509-cert, right?

    How do I save it in PKCS#12-format, readable from e.g. firefox?

    I've successfully created a cert and saved it as PEM with the
    OpenSSL::X509::Certificate#to_pem, and then *converted* it on the
    commandline with the openssl-tool. But I'd like to save it in the right
    format directly from ruby.

    Please advise or even better:
    Please point me to the fine manual, because I cannot find it.

    -- magnus
    Magnus Bodin, Mar 17, 2005
    #1
    1. Advertising

  2. Magnus Bodin

    Magnus Bodin Guest

    On Fri, Mar 18, 2005 at 01:48:15AM +0900, Magnus Bodin wrote:
    >
    > I want to create a X.509 certificate and save it as PKCS#12.
    > All in pure Ruby.


    I guess I can't?
    I guess I have to save it as PEM and then do a
    'openssl pkcs12 -inkey mykey.pem -in mycert.pem -out mypair.p12 -export'

    ?

    The sillyness in this is that I will lose simplicity on the
    win32 platform as I just want to install the one-click-installer. It
    includes the openssl-libraries, but not the commandline tool. A pure
    ruby totally independent solution would be much, much nicer.

    -- magnus
    Magnus Bodin, Mar 19, 2005
    #2
    1. Advertising

  3. Magnus Bodin

    GOTOU Yuuzou Guest

    Hi,

    In message <>,
    `Magnus Bodin <>' wrote:
    > I want to create a X.509 certificate and save it as PKCS#12.
    > All in pure Ruby.


    OpenSSL::pKCS12.create is a wrapper of PKCS12_create
    function.

    require "openssl"

    pkey = OpenSSL::pKey::RSA.new(512)
    cert = OpenSSL::X509::Certificate.new
    cert.version = 1
    cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/C=FOO")
    cert.public_key = pkey.public_key
    cert.not_before = Time.now
    cert.not_after = Time.now+3600*24*365
    cert.sign(pkey, OpenSSL::Digest::SHA1.new)
    p12 = OpenSSL::pKCS12.create("passwd", "FriendlyName", pkey, cert)
    print p12.to_der

    --
    gotoyuzo
    GOTOU Yuuzou, Mar 19, 2005
    #3
  4. Magnus Bodin

    Magnus Bodin Guest

    On Sun, Mar 20, 2005 at 01:21:22AM +0900, GOTOU Yuuzou wrote:
    >
    > p12 = OpenSSL::pKCS12.create("passwd", "FriendlyName", pkey, cert)
    > print p12.to_der


    Thanks. This worked perfectly!

    -- magnus
    Magnus Bodin, Mar 20, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    522
  2. Jesus Suarez

    PROBLEM CERTIFICATE X509

    Jesus Suarez, Aug 27, 2007, in forum: ASP .Net
    Replies:
    0
    Views:
    483
    Jesus Suarez
    Aug 27, 2007
  3. Marcin Jurczuk

    python openssl x509 CA

    Marcin Jurczuk, Oct 31, 2008, in forum: Python
    Replies:
    3
    Views:
    1,019
    Michael Ströder
    Oct 31, 2008
  4. Rémi
    Replies:
    0
    Views:
    422
    Rémi
    Apr 13, 2010
  5. Keyset does not exist X509Certificate

    Keyset does not exist at Microsoft.Web.Services.Security.X509.X509

    Keyset does not exist X509Certificate, Jun 12, 2004, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    194
    Keyset does not exist X509Certificate
    Jun 12, 2004
Loading...

Share This Page