我正在尝试生成pem
格式的自签名证书。以下是应该执行的代码。
require 'openssl'
require 'r509'
rsa_key = OpenSSL::PKey::RSA.new(1024)
public_key = rsa_key.public_key
subject = "CN=test_host, OU=test_ou, O=test_o, DC=test_dc, DC=test_com"
cert = OpenSSL::X509::Certificate.new
cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
cert.not_before = Time.now
cert.not_after = Time.now + 365 * 24 * 60 * 60
cert.public_key = public_key
cert.serial = 0x0
cert.version = 2
ef = OpenSSL::X509::ExtensionFactory.new
ef.subject_certificate = cert
ef.issuer_certificate = cert
cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always")
cert.add_extension ef.create_extension("keyUsage", "digitalSignature,keyEncipherment", true)
cert.add_extension ef.create_extension("subjectAltName", "DNS:test_host")
cert.add_extension(ef.create_extension("certificatePolicies","1.3.6.1.4.1.41519.1.1"))
cert.sign rsa_key, OpenSSL::Digest::SHA256.new
cert.to_pem
File.write("test_self_cert.pem", cert.to_pem.to_s)
我在pry
上运行了它,一切正常。它生成了证书,但是当我在Portecle
上打开证书以验证extensions
时,Certificate policies
抛出以下错误:java.lang.ClassCastException: org.bouncycastle.asn1.DEROctetString cannot be cast to org.bouncycastle.asn1.ASN1Sequence
。下面我附上了屏幕截图以供参考。我现在陷入困境,并对此表示赞赏。