Dynamically Generating SSL Certificates with Ruby on Rails

OpenRain had a couple projects recently need to programmatically generate private keys and SSL certificates in Ruby. To contribute back to the community, we’re releasing several small things today.

  • SSLsicle.com A simple form which does the OpenSSL grunt work and pop outs an SSL certificate ready to use with Apache (or whatever). SSLsicle uses..
  • eassl_fix A Rails plugin which patches a small but critical bug in the eassl v0.1.1643 gem which makes OpenSSL object manipulation a bit less dense. I’ve submitted a patch (included) to the author, but as of today he hasn’t applied it. (Also, props to the JumpBox guys.)

If you need to write your own code to generate SSL certificates in Rails..

  1. sudo gem install eassl
  2. Install the eassl_fix plugin
  3. Bust out a view for the user to enter the information that gets baked into the cert and then write a few lines in your controller…
    require 'eassl'
    key = Key.new
    options = {
    :country      => params[:csr][:country],
    :state        => params[:csr][:state],
    :city         => params[:csr][:city],
    :organization => params[:csr][:organization],
    :department   => params[:csr][:department],
    :common_name  => params[:csr][:common_name],
    :email        => params[:csr][:email]
    name = CertificateName.new(options)
    csr = SigningRequest.new(:name => name, :key => key)
    ca = CertificateAuthority.new(:password => nil)
    cert = ca.create_certificate csr
    @pem = key.private_key.to_s
    @pem += cert.to_pem
  4. @pem.to_s will contain an unencrypted private key as well as a signed certificate suitable for deployment.