0

我正在尝试将自签名证书生成pem格式。下面是应该执行此操作的一段代码。

require 'openssl'
require 'r509'

rsa_key = OpenSSL::PKey::RSA.new(1024)
public_key = rsa_key.public_key

subject = "CN=test_host, OU=test_ou, O=test_o, DC=test_dc, DC=test_com"

cert = OpenSSL::X509::Certificate.new
cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
cert.not_before = Time.now
cert.not_after = Time.now + 365 * 24 * 60 * 60
cert.public_key = public_key
cert.serial = 0x0
cert.version = 2

ef = OpenSSL::X509::ExtensionFactory.new
ef.subject_certificate = cert
ef.issuer_certificate = cert

cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always")
cert.add_extension ef.create_extension("keyUsage", "digitalSignature,keyEncipherment", true)
cert.add_extension ef.create_extension("subjectAltName", "DNS:test_host")
cert.add_extension(ef.create_extension("certificatePolicies","1.3.6.1.4.1.41519.1.1"))
cert.sign rsa_key, OpenSSL::Digest::SHA256.new

cert.to_pem
File.write("test_self_cert.pem", cert.to_pem.to_s)

我运行它pry,一切正常。它生成了证书,但是当我打开它Portecle来验证它时extensionsCertificate policies抛出了以下错误:java.lang.ClassCastException: org.bouncycastle.asn1.DEROctetString cannot be cast to org.bouncycastle.asn1.ASN1Sequence. 下面我附上截图以供参考。我现在被困住了,很欣赏这方面的任何方向。

证书策略错误

4

0 回答 0