Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

OpenSSL verify certificate from own CA

Hello all and thanks for your time reading this.

I need to verify certificates issued by my own CA, for which I have a certificate. How can I do the equivalent to openssl's

openssl verify -CAfile

in Ruby code? The RDoc for OpenSSL is not very helpful in this regard. I've tried:

require 'openssl'

ca = OpenSSL::X509::Certificate.new(File.read('ca-cert.pem'))

lic = OpenSSL::X509::Certificate.new(File.read('cert.pem'))

puts lic.verify( ca )

but I get:

test.rb:7:in `verify': wrong argument (OpenSSL::X509::Certificate)!
(Expected kind of OpenSSL::PKey::PKey) (TypeError)
  from test.rb:7

I can't even find "verify" in the OpenSSL Rdoc at http://www.ruby-doc.org/stdlib/libdoc/openssl/rdoc/index.html.

Any help is appreciated. Thanks again!

like image 970
Bruno Antunes Avatar asked Mar 31 '09 13:03

Bruno Antunes


1 Answers

You need to validate with

lic.verify(ca.public_key)

in addition before that you can verify certificate issuer with

lic.issuer.to_s == ca.subject.to_s

I used one Japanese help page to get the list of available methods :)

like image 182
Raimonds Simanovskis Avatar answered Sep 17 '22 23:09

Raimonds Simanovskis