require 'openssl'

# Taken directly from echo_svr.rb in the Ruby openssl examples

key = OpenSSL::PKey::RSA.new(4096) do
  print '.'
  $stdout.flush
end
puts
cert = OpenSSL::X509::Certificate.new
cert.version = 2
cert.serial = 0
name = OpenSSL::X509::Name.new([%w[C JP], %w[O TEST], %w[CN localhost]])
cert.subject = name
cert.issuer = name
cert.not_before = Time.now
cert.not_after = Time.now + 3600
cert.public_key = key.public_key
ef = OpenSSL::X509::ExtensionFactory.new(nil, cert)
cert.extensions = [
  ef.create_extension('basicConstraints', 'CA:FALSE'),
  ef.create_extension('subjectKeyIdentifier', 'hash'),
  ef.create_extension('extendedKeyUsage', 'serverAuth'),
  ef.create_extension('keyUsage',
                      'keyEncipherment,dataEncipherment,digitalSignature')
]
ef.issuer_certificate = cert
cert.add_extension ef.create_extension('authorityKeyIdentifier',
                                       'keyid:always,issuer:always')
cert.sign(key, OpenSSL::Digest.new('SHA1'))

# Write to disk
File.open('key.pem', 'w', 0o600) { |f| f << key.to_pem }
File.open('cert.pem', 'w', 0o644) { |f| f << cert.to_pem }