key = OpenSSL::PKey::RSA.new(2048) cert = OpenSSL::X509::Certificate.new

1. key = OpenSSL::PKey::RSA.new(2048)
2. cert = OpenSSL::X509::Certificate.new
3. cert.version = 2
4. cert.serial = 1
5. cert.subject = x509_name
6. cert.issuer = x509_name
7. cert.public_key = key.public_key
8.  
9. # Some time within the last 3 years
10. cert.not_before = Time.now - rand(3600 * 24 * 365 * 3)
11.  
12. # From http://developer.android.com/tools/publishing/app-signing.html
13. # """
14. # A validity period of more than 25 years is recommended.
15. #
16. # If you plan to publish your application(s) on Google Play, note
17. # that a validity period ending after 22 October 2033 is a
18. # requirement. You cannot upload an application if it is signed
19. # with a key whose validity expires before that date.
20. # """
21. #
22. # 32-bit Ruby (and 64-bit Ruby on Windows) cannot deal with
23. # certificate not_after times later than Jan 1st 2038, since long is 32-bit.
24. # Set not_after to a random time 2~ years before the first bad date.
25. #
26. # FIXME: this will break again randomly starting in late 2033, hopefully
27. # all 32-bit systems will be dead by then...
28. #
29. # The timestamp 0x78045d81 equates to 2033-10-22 00:00:01 UTC
30. cert.not_after = Time.at(0x78045d81 + rand(0x7fffffff - 0x78045d81))
31.  
32. # If this line is left out, signature verification fails on OSX.
33. cert.sign(key, OpenSSL::Digest::SHA1.new)