I am trying to generate a self-signed certificate in PEM format. Below is the piece of code that is supposed to do it.

```ruby
require 'openssl'
require 'r509'

rsa_key = OpenSSL::PKey::RSA.new(1024)
public_key = rsa_key.public_key

subject = "CN=test_host, OU=test_ou, O=test_o, DC=test_dc, DC=test_com"

cert = OpenSSL::X509::Certificate.new
cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
cert.not_before = Time.now
cert.not_after = Time.now + 365 * 24 * 60 * 60
cert.public_key = public_key
cert.serial = 0x0
cert.version = 2

ef = OpenSSL::X509::ExtensionFactory.new
ef.subject_certificate = cert
ef.issuer_certificate = cert

cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always")
cert.add_extension ef.create_extension("keyUsage", "digitalSignature,keyEncipherment", true)
cert.add_extension ef.create_extension("subjectAltName", "DNS:test_host")
cert.add_extension(ef.create_extension("certificatePolicies","1.3.6.1.4.1.41519.1.1"))
cert.sign rsa_key, OpenSSL::Digest::SHA256.new

cert.to_pem
File.write("test_self_cert.pem", cert.to_pem.to_s)
```

I ran it in pry and everything worked fine. It generated the certificate, but when I opened it in Portecle to verify the extensions, Certificate policies was throwing the following error: `java.lang.ClassCastException: org.bouncycastle.asn1.DEROctetString cannot be cast to org.bouncycastle.asn1.ASN1Sequence`. Below I attached the screenshot for reference. I am stuck right now and would appreciate any kind of direction on this.


itsh
  • There are a lot of security warnings from Java when opening Portecle. Running the Ruby code and verifying the PEM output in an online tool checks out. It would seem the problem is with the Portecle software, not the Ruby code. – br3nt Apr 27 '19 at 13:37
  • @br3nt Thanks for responding. I tried to read the same `pem` file using `keytool` but it was also giving the `parsing error message`. – itsh Apr 28 '19 at 00:28
