As it turns out, I added exactly this information to the documentation for Ruby 1.9.3, which was just published today by James Britt - have a look at the documentation for OpenSSL::X509::Certificate, it should answer all your questions.
Modifying the examples there to generate the particular extensions listed in your example should be straightforward if that particular extension is supported by OpenSSL itself.
For more complicated cases, e.g. the custom OtherName in your example, you may still use OpenSSL::X509::Extension, which is not documented yet, unfortunately. The OpenSSL::ASN1 module needed for such custom extensions on the other hand has been documented for 1.9.3, and all the code/advice presented there should be applicable to 1.9.2 as well. You could also use the ASN1 module to create a multi-valued version of subjectAltName.
OpenSSL 是一个非常强大且值得信赖的工具包——它还有一个额外的优点,那就是您可以从任何脚本语言中以相同的方式调用它。使用 OpenSSL 命令行工具,您的优势是可以与命令行交互来帮助调试脚本;您还可以使用相同的 CA 在脚本之外手动生成证书。
I'd use OpenSSL or a direct wrapper around the library like Ruby's openssl library.
OpenSSL is a very powerful and trusted toolkit -- and it has the additional advantage that you can call it the same way from any scripting language. Using the OpenSSL commandline tools, you have the advantage that you can interact with the commandline to help debug your script; you can also manually generate certs outside of your script using the same CA.
发布评论
评论(3)
事实证明,我将这些信息准确地添加到了 Ruby 1.9.3 的文档中,该文档今天刚刚由 James Britt 发布 - 请查看 文档OpenSSL::X509::Certificate,它应该可以回答您所有的问题。
如果 OpenSSL 本身支持特定扩展,则修改示例以生成示例中列出的特定扩展应该很简单。
对于更复杂的情况,例如示例中的自定义 OtherName,您仍然可以使用 OpenSSL::X509::Extension,不幸的是,尚未记录。另一方面,此类自定义扩展所需的 OpenSSL::ASN1 模块为 为 1.9.3 记录,并且其中提供的所有代码/建议也应适用于 1.9.2。您还可以使用 ASN1 模块创建 subjectAltName 的多值版本。
As it turns out, I added exactly this information to the documentation for Ruby 1.9.3, which was just published today by James Britt - have a look at the documentation for OpenSSL::X509::Certificate, it should answer all your questions.
Modifying the examples there to generate the particular extensions listed in your example should be straightforward if that particular extension is supported by OpenSSL itself.
For more complicated cases, e.g. the custom OtherName in your example, you may still use OpenSSL::X509::Extension, which is not documented yet, unfortunately. The OpenSSL::ASN1 module needed for such custom extensions on the other hand has been documented for 1.9.3, and all the code/advice presented there should be applicable to 1.9.2 as well. You could also use the ASN1 module to create a multi-valued version of subjectAltName.
我会使用 OpenSSL 或库的直接包装器,例如 Ruby 的 openssl 库。
OpenSSL 是一个非常强大且值得信赖的工具包——它还有一个额外的优点,那就是您可以从任何脚本语言中以相同的方式调用它。使用 OpenSSL 命令行工具,您的优势是可以与命令行交互来帮助调试脚本;您还可以使用相同的 CA 在脚本之外手动生成证书。
I'd use OpenSSL or a direct wrapper around the library like Ruby's openssl library.
OpenSSL is a very powerful and trusted toolkit -- and it has the additional advantage that you can call it the same way from any scripting language. Using the OpenSSL commandline tools, you have the advantage that you can interact with the commandline to help debug your script; you can also manually generate certs outside of your script using the same CA.
我们的 SecureBlackbox 允许您在 C# 中创建和管理 X.509 证书,并允许您添加自定义扩展。我相信 BouncyCastle 也可以做到这一点。
Our SecureBlackbox lets you create and manage X.509 certificates in C# and lets you add custom extensions. I believe BouncyCastle can do this as well.