[LRUG] OpenSSL CSR Generation - Challenge Passphrase
Romek
romeks at gmail.com
Mon Jun 25 09:09:58 PDT 2012
Hi Jared,
I made the sslplaypen (full source on rubyforge) for just this
purpose. If you need more info, please contact me.
Kind regards
Romek
On Mon, Jun 25, 2012 at 4:59 PM, Jared Patterson
<Jared.Patterson at betfair.com> wrote:
> Hey All,
>
> I'm working on building an API to handle certificate requests against a SCEP
> API on a PKI Product, and I need to be able to generate CSRs, which include
> a challenge passphrase, however I am struggling to see how this is done in
> ruby, nor do the docs for openssl show how this is possible. Usually using
> the openssl command directly, you would do something like:
>
> # openssl req -new -nodes -keyout myserver.key -out server.csr -newkey rsa:2048
>
> Which would request the following:
>
> ---------
>
>
> Country Name (2 letter code) [US]: US
> State or Province Name (full name) []: Texas
> Locality Name (eg, city) []: Houston
> Organization Name (eg, company) []: Your Company Inc
> Organizational Unit Name (eg, section) []: Your Department
> Common Name (eg, YOUR name) []: secure.yourcompanyname.com
> Email Address []:
>
> Please enter the following 'extra' attributes to be sent with your
> certificate request
>
> A challenge password []:
> An optional company name []:
> ---------
>
> In ruby, I am doing the following:
>
> ---------
>
> require 'openssl'
>
> # Generate a 2048-bit RSA key and write it to the file `name` in PEM form.
> def gen_key(name)
>   begin
>     key = OpenSSL::PKey::RSA.new 2048
>     file = File.new(name, "w")
>     file.write(key)
>     file.close
>   rescue => e
>     print "Error, something went wrong while generating the private key file?"
>     print "Exception: #{e.message}"
>   end
> end
>
> new_key = gen_key("jared.test.com")
>
> # Load the private key back from the PEM file.
> def get_key(name)
>   OpenSSL::PKey::RSA.new File.read(name)
> end
>
> key = get_key("jared.test.com")
> cn = "jared.test.com"
>
> # Build and sign a CSR for `cn`; no request attributes are set here.
> def gen_csr(key, cn)
>   options = {
>     :country => 'GB',
>     :state => 'London',
>     :city => 'London',
>     :organization => 'Betfair',
>     :department => 'IS',
>     :common_name => cn,
>     :email => 'jared.patterson at betfair.com'
>   }
>   request = OpenSSL::X509::Request.new
>   request.version = 0
>   request.subject = OpenSSL::X509::Name.new([
>     ['C', options[:country], OpenSSL::ASN1::PRINTABLESTRING],
>     ['ST', options[:state], OpenSSL::ASN1::PRINTABLESTRING],
>     ['L', options[:city], OpenSSL::ASN1::PRINTABLESTRING],
>     ['O', options[:organization], OpenSSL::ASN1::UTF8STRING],
>     ['OU', options[:department], OpenSSL::ASN1::UTF8STRING],
>     ['CN', options[:common_name], OpenSSL::ASN1::UTF8STRING],
>     ['emailAddress', options[:email], OpenSSL::ASN1::UTF8STRING]
>   ])
>   request.public_key = key.public_key
>   # sign returns the request itself, so gen_csr returns the signed CSR
>   request.sign(key, OpenSSL::Digest::SHA1.new)
> end
>
> my_csr = gen_csr(key, cn)
>
> ---------
>
> However I don’t understand how I can add the challenge passphrase to the
> CSR. I'm guessing this is some sort of additional attribute added to the
> request. Does anyone know how this is done, and can you supply me with an example?
>
>
>
> Cheers,
>
> Jared Patterson
>
> Senior Linux Application Engineer
>
> IS Platform and Enterprise – Product Delivery
>
>
>
> Office: +44 (0) 20 8834 6506
>
> Yahoo IM: patterson.jared84
>
>
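
Added example (not part of the original thread, and not code from sslplaypen): in Ruby's OpenSSL binding the challenge password is a PKCS#9 attribute attached with OpenSSL::X509::Request#add_attribute. The helper names are hypothetical, and the subject, CN and password are constructed sample values.

```ruby
require 'openssl'

# PKCS#9 prefers PrintableString for challengePassword; anything outside
# this alphabet falls back to UTF8String.
PRINTABLE = %r{\A[A-Za-z0-9 '()+,\-./:=?]*\z}

# Build the challengePassword attribute. Attribute values are a SET OF,
# so the single string is wrapped in an ASN.1 Set.
def challenge_password_attribute(password)
  raise ArgumentError, 'challenge password must not be empty' if password.empty?
  str = if password.match?(PRINTABLE)
          OpenSSL::ASN1::PrintableString.new(password)
        else
          OpenSSL::ASN1::UTF8String.new(password)
        end
  OpenSSL::X509::Attribute.new('challengePassword', OpenSSL::ASN1::Set.new([str]))
end

# Hypothetical helper: a short subject (constructed values) plus the attribute.
def gen_csr_with_challenge(key, cn, password)
  request = OpenSSL::X509::Request.new
  request.version = 0
  request.subject = OpenSSL::X509::Name.new([
    ['C', 'GB', OpenSSL::ASN1::PRINTABLESTRING],
    ['O', 'Example Org', OpenSSL::ASN1::UTF8STRING],
    ['CN', cn, OpenSSL::ASN1::UTF8STRING]
  ])
  request.public_key = key.public_key
  # Attributes are covered by the signature, so add them before signing.
  request.add_attribute(challenge_password_attribute(password))
  request.sign(key, OpenSSL::Digest.new('SHA256'))
end

# Read the challenge password back out of a parsed CSR (nil if absent).
def challenge_password_of(csr)
  attr = csr.attributes.find { |a| a.oid == 'challengePassword' }
  attr && attr.value.value.first.value
end

key = OpenSSL::PKey::RSA.new(2048)
csr = gen_csr_with_challenge(key, 'csr-test.example', 'constructed-sample-secret')

# Round-trip through PEM, as the receiving CA would see it.
reparsed = OpenSSL::X509::Request.new(csr.to_pem)
puts "signature valid: #{reparsed.verify(reparsed.public_key)}"
puts "challengePassword: #{challenge_password_of(reparsed)}"
```

The attribute sits in the CSR in the clear, so anyone who can read the PEM can read the password; keep the request out of logs and world-readable files until SCEP has wrapped it in its encrypted envelope.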