Space Vatican

Ramblings of a curious coder

Ruby Openssl and Client Side Certificates

I recently needed to deal with ssl connection using client side certificates. The ruby openssl bindings are fairly impenetrable, here’s what worked for me (at least in part as a note for myself in the future)

1
2
3
4
5
ctx = OpenSSL::SSL::SSLContext.new
ctx.cert = OpenSSL::X509::Certificate.new("mycert.cer")
ctx.key = OpenSSL::PKey::RSA.new("mykey.pem")
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.connect

If the key you’ve got is a .p12 file (which is what the key chain utility on the mac exports) then you’ll need to convert it like so

openssl pkcs12 -in key.p12  -nocerts -nodes -out key.pem