[LRUG] OpenSSL CSR Generation - Challenge Passphrase

Jared Patterson Jared.Patterson at betfair.com
Mon Jun 25 08:59:58 PDT 2012


Hey All,

I'm working on building an API to handle certificate requests against a SCEP API on a PKI product, and I need to be able to generate CSRs which include a challenge passphrase. However, I am struggling to see how this is done in Ruby, nor do the docs for openssl show how this is possible. Usually, using the openssl command directly, you would do something like:

# openssl req -new -nodes -keyout myserver.key -out server.csr -newkey rsa:2048

Which would request the following:

---------


       Country Name (2 letter code) [US]: US
       State or Province Name (full name) []: Texas
       Locality Name (eg, city) []: Houston
       Organization Name (eg, company) []: Your Company Inc
       Organizational Unit Name (eg, section) []: Your Department
       Common Name (eg, YOUR name) []: secure.yourcompanyname.com
       Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request

       A challenge password []:
       An optional company name []:
---------

In ruby, I am doing the following:

---------

require 'openssl'

# Generate a 2048-bit RSA key and write it to the file +name+ in PEM form.
def gen_key(name)
  key = OpenSSL::PKey::RSA.new 2048
  # Private key material: create the file readable by its owner only.
  File.open(name, "w", 0600) { |file| file.write(key.to_pem) }
rescue => e
  puts "Error, something went wrong while generating the private key file?"
  puts "Exception: #{e.message}"
end

new_key = gen_key("jared.test.com")

# Load the private key back from disk.
def get_key(name)
  OpenSSL::PKey::RSA.new File.read(name)
end

key = get_key("jared.test.com")
cn = "jared.test.com"

# Build a CSR for +cn+ and sign it with +key+; returns the signed request.
def gen_csr(key, cn)
  options = {
    :country      => 'GB',
    :state        => 'London',
    :city         => 'London',
    :organization => 'Betfair',
    :department   => 'IS',
    :common_name  => cn,
    :email        => 'jared.patterson at betfair.com'
  }

  request = OpenSSL::X509::Request.new
  request.version = 0
  request.subject = OpenSSL::X509::Name.new([
    ['C',            options[:country],      OpenSSL::ASN1::PRINTABLESTRING],
    ['ST',           options[:state],        OpenSSL::ASN1::PRINTABLESTRING],
    ['L',            options[:city],         OpenSSL::ASN1::PRINTABLESTRING],
    ['O',            options[:organization], OpenSSL::ASN1::UTF8STRING],
    ['OU',           options[:department],   OpenSSL::ASN1::UTF8STRING],
    ['CN',           options[:common_name],  OpenSSL::ASN1::UTF8STRING],
    ['emailAddress', options[:email],        OpenSSL::ASN1::UTF8STRING]
  ])
  request.public_key = key.public_key
  request.sign(key, OpenSSL::Digest::SHA1.new)
end

my_csr = gen_csr(key, cn)

---------

However, I don't understand how I can add the challenge passphrase to the CSR. I'm guessing this is some sort of additional attribute added to the request. Does anyone know how this is done, and can you supply me with an example?


Cheers,

Jared Patterson
Senior Linux Application Engineer
IS Platform and Enterprise – Product Delivery

Office: +44 (0) 20 8834 6506
Yahoo IM: patterson.jared84
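
The "challenge password" that openssl req prompts for is the PKCS #9 challengePassword attribute, which Ruby's OpenSSL binding can set through OpenSSL::X509::Attribute and Request#add_attribute. The following is an added example, not part of the original post: the helper names, subject and challenge value are constructed for illustration, and it signs with SHA-256 rather than the SHA-1 used in the post.

```ruby
require 'openssl'

# PKCS #9 challengePassword attribute OID.
CHALLENGE_OID = '1.2.840.113549.1.9.7'
PRINTABLE = %r{\A[A-Za-z0-9 '()+,\-./:=?]*\z}

# PKCS #9 prefers PrintableString and falls back to UTF8String.
def challenge_value(challenge)
  type = challenge.match?(PRINTABLE) ? OpenSSL::ASN1::PrintableString : OpenSSL::ASN1::UTF8String
  # An attribute's value is a SET OF, here holding the single password string.
  OpenSSL::ASN1::Set.new([type.new(challenge)])
end

# Build a signed PKCS #10 request that carries the challenge password.
def csr_with_challenge(key, subject, challenge)
  request = OpenSSL::X509::Request.new
  request.version = 0
  request.subject = OpenSSL::X509::Name.parse(subject)
  request.public_key = key.public_key
  request.add_attribute(OpenSSL::X509::Attribute.new(CHALLENGE_OID, challenge_value(challenge)))
  # Attributes are covered by the signature, so sign after adding them.
  request.sign(key, OpenSSL::Digest.new('SHA256'))
end

# Receiving side: check the signature, then read the attribute back (nil if absent).
def challenge_from(csr_bytes)
  request = OpenSSL::X509::Request.new(csr_bytes)
  raise ArgumentError, 'CSR signature does not verify' unless request.verify(request.public_key)
  attr = request.attributes.find { |a| OpenSSL::ASN1::ObjectId.new(a.oid).oid == CHALLENGE_OID }
  attr && attr.value.value.first.value
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # throwaway key for the demo
  csr = csr_with_challenge(key, '/C=GB/O=Example/CN=host.example.test', 'constructed-challenge')
  puts csr.to_pem
  puts "challenge read back: #{challenge_from(csr.to_pem)}"
end
```

The challenge is stored in the request as a plain string, so anyone who can read the CSR can read it; SCEP carries the request inside an encrypted envelope for that reason.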
