create a self-signed certificate using ruby-openssl

This is exactly what I was looking for when I googled "generate self signed certificate ruby." Thanks so much for this!

awesome :)

Thanks for saving me hours to figure out confusing key cert stuff!

Brilliant, thanks a bunch. (Y)

While this isn't immediately insecure, standard cert defaults these days are 2048 bit keys and SHA256 digests.

key = OpenSSL::PKey::RSA.new(2048) 
...
cert.sign key, OpenSSL::Digest::SHA256.new

Thanks for sharing!

Why are some of the extensions set directly on cert.extensions, and one is added using cert.add_extension? In the example in the documentation, they only use add_extension: https://ruby-doc.org/stdlib-2.4.0/libdoc/openssl/rdoc/OpenSSL/X509/Certificate.html

⚠️
OpenSSL::PKey::RSA.new(1024)
1024 bits keys are not secure anymore as well as 2048. 4096 bits are fine.

How do you get the CA from that?

cert.pem returns the server certificate, right? What about the client certificate? How do you get that?

Thank you!

Thanks. This code was exactly what we needed and we've been using it for a while now. Unfortunately our company just ran a BlackDuck scan on our code and this is now being flagged as "unlicensed" because there is no explicit license statement on this page. I don't suppose you could give it a license (e.g. MIT?) so we can continue to use it? Many thanks.

Author

@antonyedwards I've added the MIT licence. Enjoy!