Crypt::OpenSSL::Cloner - Clone an existing certificate and sign it with your own CA


        my $CA = Crypt::OpenSSL::Cloner->new(
        dn => {
            C => 'GB',
            O => 'CertOnTheFly',
            OU => "CertOnTheFly Certificate Generation",
            CN => 'CertOnTheFly Root'
        path => "/my/cert/ca/stuff"
    my ($der_pem,$rsa_key) = $CA->clone_cert($old_der_pem);


This module makes a new fake CA (or loads an existing one, depending on whether the right files are found in its path). It can then produce new certificates based on input from the old ones.

There isn't much to document as this is a 'closed box'; those familiar with X509 and friends are free to look in the source code, and perhaps even teach me a thing or two



Creates a new Crypt::OpenSSL::Cloner object. It takes a hash of options:

path is a mandatory option specifying the location from/to which to load/save the CA PEM and data.

dn is an optional option, it takes a hashref specifying common fields found in an X500(?) distinguished name. If not, the defaults are provided (as in the synopsis)


Clones an existing certificate. It takes one argument, which is a PEM blob. It returns a pair of ($new_pem,$new_rsa_key). You are free to save it, if you wish.


There are some package variables which control some trivial aspects of this module


The preferred algorithm to use for creating new private keys. An appropriate value is one accepted by the Crypt::OpenSSL::CA::X509->sign method.


Keylength to use for private keys. As always, this must be a power of two


What the CA files will be called within the CA directory. They will live there in the format of $CA_BASENAME.pem and $CA_BASENAME.key


Copyright 2011 M. Nunberg

All rights are reserved. Crypt::OpenSSL::Cloner is free software; you may redistribute it and/or modify it under the same terms as Perl itself.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (

1 POD Error

The following errors were encountered while parsing the POD:

Around line 280:

You forgot a '=back' before '=head2'