make-x509-cert.t - Make an RSA X509 certificate using Crypt::OpenSSL::CA
This test walks the reader through using Crypt::OpenSSL::CA to create X509 certificates using real-world cryptographic material: namely, a CA certificate and private key (both PEM-encoded), and either a PKCS#10 or a SPKAC request. The private key is password-protected.
If the VERBOSE environment variable is set, the generated certificates will be shown on standard error during the test run.
Provided by Crypt::OpenSSL::CA::Test as standards-compliant PEM strings.
The subject DN can be provided literally; simply be careful to the DN order. Crypt::OpenSSL::CA enjoys full UTF-8 support.
The subject public key is taken from a PKCS#10 request with a DN that is not the same as the "Subject DN", so as to demonstrate the ability to alter the subject (like /usr/bin/openssl's -subj command line switch in openssl ca). Also demonstrated is using a SPKAC request, and an unadorned public key in PEM format.
/usr/bin/openssl
-subj
openssl ca
We use a rather Christmas-tree set of extensions to demonstrate the possibilities of the API.
The X509 version is always X509v3. The validity period (notBefore and notAfter) can be of arbitrary size, and transition from utcTime to generalizedTime is handled properly. The signature algorithm is RSA and the hash can be set to SHA1 or SHA256. OpenSSL's algorithm for RSA key fingerprints (also known as X509 KeyIDs) is used for the subject and issuer unique identifiers.
We run the CA three times, once for every supported format of public key (PKCS#10, SPKAC and plain-PEM).
The /usr/bin/openssl command is used to verify the details of the certificate. We also check that the certification chain validates OK. Both are done using "run_thru_openssl" in Crypt::OpenSSL::CA.
To install Crypt::OpenSSL::CA, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Crypt::OpenSSL::CA
CPAN shell
perl -MCPAN -e shell install Crypt::OpenSSL::CA
For more information on module installation, please visit the detailed CPAN module installation guide.