Saving a OpenSSL::X509::Certificate as PKCS#12?

I want to create a X.509 certificate and save it as PKCS#12.
All in pure Ruby.

I've looked in the WEBrick and QuickCert sources, waded through
sources of openssl, stunnel and now ruby-1.8.2, but it is a little bit
hazy.

My guess is that I shall create a PKCS12-object of some sort and
initialize this with my already created X.509-cert, right?

How do I save it in PKCS#12-format, readable from e.g. firefox?

I've successfully created a cert and saved it as PEM with the
OpenSSL::X509::Certificate#to_pem, and then *converted* it on the
commandline with the openssl-tool. But I'd like to save it in the right
format directly from ruby.

Please advise or even better:
Please point me to the fine manual, because I cannot find it.

-- magnus

I guess I can't?
I guess I have to save it as PEM and then do a
'openssl pkcs12 -inkey mykey.pem -in mycert.pem -out mypair.p12 -export'

?

The sillyness in this is that I will lose simplicity on the
win32 platform as I just want to install the one-click-installer. It
includes the openssl-libraries, but not the commandline tool. A pure
ruby totally independent solution would be much, much nicer.

-- magnus

Hi,

In message <20050317164756.GO18877@bodin.org>,

I want to create a X.509 certificate and save it as PKCS#12.
All in pure Ruby.

OpenSSL::PKCS12.create is a wrapper of PKCS12_create
function.

require "openssl"

pkey = OpenSSL::PKey::RSA.new(512)
cert = OpenSSL::X509::Certificate.new
cert.version = 1
cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/C=FOO")
cert.public_key = pkey.public_key
cert.not_before = Time.now
cert.not_after = Time.now+3600*24*365
cert.sign(pkey, OpenSSL::Digest::SHA1.new)
p12 = OpenSSL::PKCS12.create("passwd", "FriendlyName", pkey, cert)
print p12.to_der

Thanks. This worked perfectly!

-- magnus