
Adds better contributors and thanks notices. Adds instructions for CSRs

cchandler committed Sep 14, 2012
1 parent 28a811e commit 1c65f0ce426f2f2dee6a543cedec7dc8abc44ef5
Showing with 28 additions and 0 deletions.
  1. +28 −0 README.rdoc
@@ -193,6 +193,25 @@ These CPSs define what vetting criteria and maintenance practices are required t
[user_notice] This is a nested field containing explicit human readable text if you want to embed a notice in the certificate body related to certification practices. It contains nested attributes of +explicit_text+ for the notice, +organization+ and +notice_numbers+. Refer to the RFC for specific implications of how these are set, but whether or not browsers implement the correct specified behavior for their presence is another issue.
= Certificate Signing Requests (CSRs)
If you want certificate requestors to be able to request certificates without moving the private key you'll need to generate a CSR and submit it to the certificate authority.
Here's an example of using +certificate_authority+ to generate a CSR.
csr = CertificateAuthority::SigningRequest.new
dn = CertificateAuthority::DistinguishedName.new
dn.common_name = "localhost"
csr.distinguished_name = dn
k = CertificateAuthority::KeyMaterial.from_x509_key_pair(key_pair)
csr.key_material = k
csr.to_x509_csr.to_pem
Similarly, reading a CSR in is as simple as providing the PEM formatted version to +SigningRequest.from_x509_csr+.
csr = CertificateAuthority::SigningRequest.from_x509_csr(@pem_csr)
csr.to_cert
= PKCS#11 Support
If you happen to have a PKCS#11 compliant hardware token you can use +certificate_authority+ to maintain private key materials in hardware security modules. At this point the scope of operating that hardware is out of scope of this README but it's there and it is supported.
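Review bot: In the CSR generation example, `key_pair` is passed to `CertificateAuthority::KeyMaterial.from_x509_key_pair(key_pair)` but is never defined or described, so the snippet cannot be followed as written. Please show or state where the key pair comes from and what type it is expected to be. The reading example has the same gap at `csr.to_cert`: the text does not say what the returned object is, whether the request's own signature is checked when the PEM is loaded, or what the CA must still set and sign before issuing. Since the requested subject comes from the requestor, a sentence on reviewing `distinguished_name` before signing would make this section safer to copy from.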
@@ -232,6 +251,15 @@ Also of note, I have gotten these to work with 32-bit copies of Ubuntu 10.10 and
* Firefox will complain about root/intermediate certificates unless both digitalSignature and keyEncipherment are specified as keyUsage attributes. Thanks diogomonica
= Special thanks and Contributions
* Diogo Monica @diogo
* Justin Cummins @sul3n3t
* @databus23
* Colin Jones @trptcolin
* Eric Monti @emonti
* TJ Vanderpoel @bougyman
== Meta
Written by Chris Chandler(http://chrischandler.name)
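Review bot: The new credits list gives Diogo Monica the handle `@diogo`, while the Firefox note directly above thanks `diogomonica`. Please confirm which handle is correct and use it in both places. The `* @databus23` entry is also the only one without a name, so add it if it is known. Separately, `= Special thanks and Contributions` is a top-level heading placed right before `== Meta`, which now makes Meta a subsection of the thanks section. Consider moving the new section after Meta or promoting Meta to `=`.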
