Method: Localhost::Issuer#certificate

Defined in:
lib/localhost/issuer.rb

#certificate ⇒ Object

The public certificate.



# File 'lib/localhost/issuer.rb', line 78

# The public certificate for this issuer, built on first access and memoized
# in @certificate.
#
# The certificate is self-signed (issuer == subject), carries the public half
# of `key`, and is signed with `key` using SHA-256.
#
# NOTE(review): basicConstraints is CA:TRUE with no pathlen, and no
# nameConstraints extension is added, so once this certificate is installed in
# a trust store the matching private key can sign certificates for any name.
# The key file deserves the same protection as any other trust anchor.
#
# NOTE(review): the serial number is the wall-clock time in seconds, so it is
# predictable, and two certificates generated within the same second share it.
#
# @return [OpenSSL::X509::Certificate] the memoized self-signed CA certificate.
def certificate
	return @certificate if @certificate
	
	cert = OpenSSL::X509::Certificate.new
	
	# Issuer and subject are the same name: that is what makes it self-signed.
	cert.subject = subject
	cert.issuer = subject
	
	cert.public_key = key.public_key
	
	cert.serial = Time.now.to_i
	# Version field 2 encodes X.509 v3, which is required for extensions.
	cert.version = 2
	
	# Valid from 10 seconds ago (presumably to tolerate small clock differences)
	# until VALIDITY seconds from now.
	cert.not_before = Time.now - 10
	cert.not_after = Time.now + VALIDITY
	
	# The certificate is its own issuer, so the factory needs it in both roles
	# to derive the subject/authority key identifiers.
	factory = ::OpenSSL::X509::ExtensionFactory.new
	factory.subject_certificate = cert
	factory.issuer_certificate = cert
	
	# Each entry is the argument list for create_extension:
	# name, value and (optionally) the critical flag.
	[
		["basicConstraints", "CA:TRUE", true],
		["keyUsage", "keyCertSign, cRLSign", true],
		["subjectKeyIdentifier", "hash"],
		["authorityKeyIdentifier", "keyid:always", false],
	].each do |arguments|
		cert.add_extension(factory.create_extension(*arguments))
	end
	
	cert.sign(key, OpenSSL::Digest::SHA256.new)
	
	@certificate = cert
end