[LRUG] OpenSSL CSR Generation - Challenge Passphrase
Jared Patterson
Jared.Patterson at betfair.com
Mon Jun 25 08:59:58 PDT 2012
Hey All,
I'm working on building an API to handle certificate requests against a SCEP API on a PKI product, and I need to be able to generate CSRs which include a challenge passphrase. However, I am struggling to see how this is done in Ruby, nor do the docs for openssl show how this is possible. Usually, using the openssl command directly, you would do something like:
# openssl req -new -nodes -keyout myserver.key -out server.csr -newkey rsa:2048
Which would request the following:
---------
Country Name (2 letter code) [US]: US
State or Province Name (full name) []: Texas
Locality Name (eg, city) []: Houston
Organization Name (eg, company) []: Your Company Inc
Organizational Unit Name (eg, section) []: Your Department
Common Name (eg, YOUR name) []: secure.yourcompanyname.com
Email Address []:
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:
An optional company name []:
---------
In Ruby, I am doing the following:
---------
require 'openssl'

# Generate a 2048-bit RSA key and write it, PEM-encoded, to the file `name`.
def gen_key(name)
  begin
    key = OpenSSL::PKey::RSA.new 2048
    # The key is stored unencrypted (like -nodes), so create the file owner-only.
    file = File.new(name, "w", 0600)
    file.write(key.to_pem)
    file.close
  rescue => e
    print "Error, something went wrong while generating the private key file?"
    print "Exception: #{e.message}"
  end
end
new_key = gen_key("jared.test.com")

# Load the private key back from disk.
def get_key(name)
  OpenSSL::PKey::RSA.new File.read(name)
end
key = get_key("jared.test.com")
cn = "jared.test.com"

# Build a CSR for `cn` and sign it with `key`; returns the signed request.
def gen_csr(key, cn)
  options = {
    :country      => 'GB',
    :state        => 'London',
    :city         => 'London',
    :organization => 'Betfair',
    :department   => 'IS',
    :common_name  => cn, # was '#{cn}', which single quotes do not interpolate
    :email        => 'jared.patterson at betfair.com'
  }
  request = OpenSSL::X509::Request.new
  request.version = 0
  request.subject = OpenSSL::X509::Name.new([
    ['C', options[:country], OpenSSL::ASN1::PRINTABLESTRING],
    ['ST', options[:state], OpenSSL::ASN1::PRINTABLESTRING],
    ['L', options[:city], OpenSSL::ASN1::PRINTABLESTRING],
    ['O', options[:organization], OpenSSL::ASN1::UTF8STRING],
    ['OU', options[:department], OpenSSL::ASN1::UTF8STRING],
    ['CN', options[:common_name], OpenSSL::ASN1::UTF8STRING],
    ['emailAddress', options[:email], OpenSSL::ASN1::UTF8STRING]
  ])
  request.public_key = key.public_key
  # SHA-1 as in the original post; SHA-256 is preferable where the CA accepts it.
  request.sign(key, OpenSSL::Digest::SHA1.new)
end
my_csr = gen_csr(key, cn)
---------
However, I don't understand how I can add the challenge passphrase to the CSR. I'm guessing this is some sort of additional attribute added to the request. Does anyone know how this is done, or can anyone supply me with an example?
Cheers,
Jared Patterson
Senior Linux Application Engineer
IS Platform and Enterprise – Product Delivery
Office: +44 (0) 20 8834 6506
Yahoo IM: patterson.jared84
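One way to attach the challenge passphrase asked about above, as an added example that is not part of the original post: the PKCS#9 challengePassword attribute is added with OpenSSL::X509::Attribute before signing. The helper names, the subject and the passphrase values are constructed for illustration, and SHA-256 is used here instead of the post's SHA-1.

```ruby
require 'openssl'

# Characters permitted in an ASN.1 PrintableString.
PRINTABLE = %r{\A[A-Za-z0-9 '()+,\-./:=?]*\z}

# Build and sign a PKCS#10 request carrying a PKCS#9 challengePassword attribute.
# (Hypothetical helper name; not from the original post.)
def csr_with_challenge(key, common_name, challenge)
  raise ArgumentError, 'challenge must not be empty' if challenge.to_s.empty?

  request = OpenSSL::X509::Request.new
  request.version = 0
  request.subject = OpenSSL::X509::Name.new(
    [['CN', common_name, OpenSSL::ASN1::UTF8STRING]]
  )
  request.public_key = key.public_key

  # Attribute values are a SET; fall back to UTF8String when the passphrase
  # contains characters outside the PrintableString alphabet.
  value = if challenge.match?(PRINTABLE)
            OpenSSL::ASN1::PrintableString(challenge)
          else
            OpenSSL::ASN1::UTF8String(challenge)
          end
  request.add_attribute(
    OpenSSL::X509::Attribute.new('challengePassword', OpenSSL::ASN1::Set([value]))
  )

  # Sign last: the signature covers the attributes as well as the subject.
  request.sign(key, OpenSSL::Digest.new('SHA256'))
end

# Read the challenge back out of a parsed CSR (nil when the attribute is absent).
def challenge_from(request)
  attr = request.attributes.find { |a| a.oid == 'challengePassword' }
  attr && attr.value.value.first.value
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)               # constructed throwaway key
  csr = csr_with_challenge(key, 'csr.example.test', 'constructed-otp-123')
  parsed = OpenSSL::X509::Request.new(csr.to_pem)  # round-trip through PEM
  puts "signature valid: #{parsed.verify(parsed.public_key)}"
  puts "challenge:       #{challenge_from(parsed)}"
end
```

The attribute is stored in the clear inside the CSR, so anyone who can read the request can read the passphrase; treat the CSR as sensitive until it has been submitted.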