所以我有一个看起来像这样的方法:
def self.generateNewSignedCert(csr, uId)
# CSR = certificate signing request
# filename = uId + '.pem'
# csr = OpenSSL::X509::Request.new File.read Rails.root.join('keys','csr',filename)
# raise 'CSR can not be verified' unless csr.verify csr.public_key
ca_cert = OpenSSL::X509::Certificate.new File.read Rails.root.join('keys','certs','ca_cert.pem')
ca_key_pem = File.read Rails.root.join('keys','certs','ca_key.pem')
ca_key = OpenSSL::PKey::RSA.new ca_key_pem, 'ning'
csr_cert = OpenSSL::X509::Certificate.new
csr_cert.serial = 0
csr_cert.version = 2
csr_cert.not_before = Time.now
csr_cert.not_after = Time.now + 2592000
csr_cert.subject = csr.subject
csr_cert.public_key = csr.public_key
csr_cert.issuer = ca_cert.subject
extension_factory = OpenSSL::X509::ExtensionFactory.new
extension_factory.subject_certificate = csr_cert
extension_factory.issuer_certificate = ca_cert
extension_factory.create_extension 'basicConstraints', 'CA:FALSE'
extension_factory.create_extension 'keyUsage',
'keyEncipherment,dataEncipherment,digitalSignature'
extension_factory.create_extension 'subjectKeyIdentifier', 'hash'
csr_cert.sign ca_key, OpenSSL::Digest::SHA1.new
filename = uId + '_cert.pem'
open Rails.root.join('keys','certs',filename), 'w' do |io|
io.write csr_cert.to_pem
end
return csr_cert
end
返回控制器的csr_cert
是PEM格式吗?
我有另一种生成CA Cert的方法,看起来几乎相同,将文件保存为PEM并返回ca_cert并且工作正常(返回证书,而不是PEM)
任何人都知道我为什么要获得PEM而不是证书?
进一步的信息:
控制器
def newCert
csr = CertificateAuthority.newCSR(session[:uID].to_s)
@cert = CertificateAuthority.generateNewSignedCert(csr, session[:uID].to_s)
render :layout => false
end
如果我在puts csr_cert
行之后添加extension_factory
,它仍打印出一个PEM?