Rubyでcsrの作成
Date:2013-08-15 01:07:53 +0900
Categories: TECHNOLOGY
Categories: TECHNOLOGY
ちょっと必要に迫られてsslの申請系をRubyで楽ちんにやっちゃおう企画をしていて、SSL申請時のCSRを何とかならんかねということでしらべてたんですが、opensslコマンドのページにおもいっきり作成方法のってたわ(HAPPY!!)→ http://doc.ruby-lang.org/ja/1.9.3/class/OpenSSL=3a=3aX509=3a=3aRequest.html
それをちょっとゴニョゴニョしてみました。
▼ makecsr.rb(秘密鍵は事前に作ってる前提みたいです)
# coding:utf-8 require 'openssl' # ファイルから秘密鍵を読み込む rsa = OpenSSL::PKey::RSA.new(File.read("domain.key")) csr = OpenSSL::X509::Name.new csr = OpenSSL::X509::Request.new # subject部分の生成 name = OpenSSL::X509::Name.new name.add_entry('C','JP') name.add_entry('ST','Kanagawa') name.add_entry('L','Yokohama') name.add_entry('O','WORKAPART') name.add_entry('OU','Security') name.add_entry('CN','www.workapart.org') csr.subject = name # バージョンを 0 (v1.7) に csr.version = 0 # 公開鍵を CSR に設定 csr.public_key = rsa.public_key # attribute を設定 factory = OpenSSL::X509::ExtensionFactory.new exts = [factory.create_ext("subjectAltName", "DNS:www.workapart.org")] asn1exts = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence(exts)]) csr.add_attribute(OpenSSL::X509::Attribute.new("extReq", asn1exts)) csr.sign(rsa, "sha1") # ファイルの書き出し csrfile = File.open("domain.csr","w") File.write(csrfile, csr) csrfile.close exit 0 ちょっとattributeの件がよくわからないので調べる。 とりあえずサイトに乗ってたものをそのまま載せた感じです。 ▼できたcsrを確かめてみた WorkApartAir:~ ryo$ openssl req -noout -text -in domain.csr Certificate Request: Data: Version: 0 (0x0) Subject: C=JP, ST=Kanagawa, L=Yokohama, O=WORKAPART, OU=Security, CN=www.workapart.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:bc:1f:c2:db:51:45:4c:b1:ad:15:00:6e:38:b4: 8a:a0:ef:b6:b6:46:00:df:38:f5:97:d3:ea:5f:ef: d2:8e:7f:be:da:6c:24:47:9c:ea:69:13:71:0c:49: 29:1a:8a:4c:89:48:e9:5c:d9:cc:a3:ac:d9:99:ae: 1d:31:df:93:3f:b1:ea:0e:89:03:20:c2:0d:7e:60: 25:a6:7a:30:f0:ab:0a:84:57:a7:df:ed:01:39:53: ec:4e:f4:37:fe:f2:db:fb:83:8b:0e:d1:2b:00:b1: a8:f8:08:15:5a:1a:08:6e:5b:21:aa:eb:f3:d3:d1: fd:11:26:a7:3f:00:77:a3:fb:e6:ee:52:03:0b:d0: eb:36:52:94:a3:a7:e8:ec:a1:3f:37:e4:9b:64:ab: a4:85:50:09:d3:c0:a8:29:c1:99:53:c0:e8:65:a4: 3b:23:af:8d:be:0e:43:d6:1b:55:0a:ac:96:20:2f: 77:f7:30:cb:3a:eb:5e:43:9d:1e:32:ca:56:0a:78: 3b:fa:28:b5:1e:00:38:28:a0:63:8b:6c:59:af:56: 38:15:63:8c:13:c3:b2:f5:1c:33:63:7e:2f:f2:e4: cf:c4:9b:ed:bf:c3:0f:e1:5a:d0:5a:71:47:89:64: 1a:c2:9f:bb:a0:d4:3f:97:42:6c:c3:b9:0a:77:c0: c7:9d Exponent: 65537 (0x10001) Attributes: Requested Extensions: X509v3 Subject Alternative Name: DNS:www.workapart.org Signature Algorithm: sha1WithRSAEncryption 5d:50:b7:3b:8c:81:c2:57:d0:a8:0e:1a:5c:4e:4a:50:5b:e8: 5d:1b:4c:31:f4:6a:45:c1:16:25:d5:1d:6e:70:7c:ad:54:b8: ab:87:5f:d6:7c:b2:7f:a1:22:53:91:f2:9a:c8:ed:23:ae:48: 10:8b:79:43:f9:b0:be:c8:6d:19:de:de:f5:e5:ed:78:a1:d1: 8b:8f:8b:ab:aa:1e:dc:50:6d:cb:a7:6a:46:1e:c7:d6:49:22: f5:fb:fa:1e:5f:e1:b8:8a:b4:41:27:e1:fd:d2:a9:cb:2e:83: 48:a1:f3:2d:bb:1e:9f:45:96:90:9c:4f:60:bf:95:fa:70:cc: 2e:e6:41:81:23:d1:4f:8d:5d:2d:e6:a4:74:8b:87:3e:5f:33: a9:cf:92:c0:8a:bd:9a:87:01:9b:09:df:99:5d:03:e7:20:5f: e7:d0:55:97:c5:ef:d6:bc:f2:b6:4e:d5:18:75:9a:e0:a8:71: fa:e3:a9:b6:be:dc:7a:40:56:42:1e:20:5d:50:ef:4c:e8:8b: ae:e2:31:d6:19:db:f0:30:03:ed:a0:29:10:e2:69:b6:02:fb: 75:f9:b7:41:77:dc:ff:48:93:d6:e5:6f:30:7d:2f:73:07:86: 05:f5:63:0e:02:33:f4:9f:75:87:6f:06:d6:07:34:6f:df:ee: 7f:c9:d9:d7 md5値もあってるっぽいすね。 $ openssl req -noout -modulus -in domain.csr |openssl md5 4eff3ef7231de66185eb39a3b8f85835 $ openssl rsa -noout -modulus -in domain.key |openssl md5 4eff3ef7231de66185eb39a3b8f85835 あとは秘密鍵を作るスクリプト作って合体させればOKかなー。 ちょっと使えるかどうかは、先輩によく確認してもらおう。Tweet