Mathish

the two halves of my tasty brain

OpenSSL - Brief Notes

When setting up OpenSSL validation in Ruby, I ran into a few issues. I’ll revisit this post later, but for my own memory, here’s the big one:

OpenSSL in Ruby

The following code assumes that there is a subdirectory named certs containing known certificates in PEM format, and a subdir keys containing the client’s private RSA key. Further, there are lots of comments specific to my actual needs, namely exporting keys generated in Java using keytool for an Apache ActiveMQ message broker. Lastly, to use the ca_path method, the certs directory needs to be properly indexed using c_rehash (make sure the underlying version of openssl matches the version Ruby’s OpenSSL extension was built against, otherwise the hash algorithm may not be the same.)