Search code examples
rubysslopensslcsr

Decoding CSR using Ruby OpenSSL with SANs

I have been using the Ruby openssl module to decode information from a CSR.

I have the basic CSR decoded, but I cannot work out how to retrieve the Subject Alternate Names from the CSR.

Code so far:

require 'openssl'

def parse_csr(csr)
  csr = OpenSSL::X509::Request.new csr

  puts csr.subject.to_a

  csr.subject.to_a.inject({}) do |r, s|
    r.merge!(s[0] => s[1])
  end
end

Any help is much appreciated.

CSR is attached below:

-----BEGIN CERTIFICATE REQUEST-----
MIIDQDCCAigCAQAwgYMxCzAJBgNVBAYTAkdCMQ0wCwYDVQQIDARUZXN0MQ0wCwYD
VQQHDARUZXN0MRAwDgYDVQQKDAdUZXN0aW5nMQ0wCwYDVQQLDARUZXN0MRcwFQYD
VQQDDA50ZXN0ZG9tYWluLmNvbTEcMBoGCSqGSIb3DQEJARYNdGVzdEB0ZXN0Lm9y
ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkWhXbTUa4nmMnVAiYi
duZAXzZwYEj5tr9LTk5MmwremGEB/I7ubCtsmYci6FNaOmPCbE5HHwViiHrmpDLU
Vswah7soAj1EZn5XuyXP/ElQDvJlEm8DQHMcZ1M9Ylpnhfx4hkvI5bIMRc3wfT/S
30po8MFYdVMICsw2QfOq0J793p1OMMFkG2CPdoHrHnn1k+WL3tHo2Jq7eM61Fs9O
vpvsvmaEf7081aRp4QjZRqkzBZ3zJgjA+RIbjntYpIhUJgupMEsBgVtR2jYlG7e+
n/AFqXmgskk53XqLPjRcSzxEVLL6NFw5x6nLlIn1jmBm7+KwgYZigUYZf8554w0F
fRECAwEAAaB3MHUGCSqGSIb3DQEJDjFoMGYwCQYDVR0TBAIwADALBgNVHQ8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMC0GA1UdEQQmMCSCIm90
aGVydGVzdGRvbWFpbi5jb20gdGVzdGluZzEyMy5jb20wDQYJKoZIhvcNAQELBQAD
ggEBADIRFFhBjlJQxKwDwZefrAVbHwZ/+ZAo2vC5/bwVOjMhpccRLGrBApvN1iN6
LYBGkjNVSrTlzYfbHI10GI6wNcHJ+ETX8YJWpNUrpKhHENapqChjm29j6O9xcY3U
GyeRCsRUENEyryiQ9w7e4dItxPnzzLlo3W2dR28mzjhz9hcn8xQ5HulXxiwDrYxN
LD35QQ8mcb62F4Gg7I40w//pEG/3rbCW6DSjYxk/EXuUyQx3ItRVOPDBlG3oqFzU
o6/ug01RuOpiAR64jqY8Ih7AYd5Nj5d+wYorYxkHV0zgqIobhERQrb6p9Vz6pKsH
lH6QxnVtY5GhSpx6bGKOjV0LyGo=
-----END CERTIFICATE REQUEST-----

Console Output:

dan~/Documents/dev/csrgen(master|✚6…) boo % ruby test.rb
C
GB
19
ST
Test
12
L
Test
12
O
Testing
12
OU
Test
12
CN
testdomain.com
12
emailAddress
[email protected]
22

{"C"=>"GB", "ST"=>"Test", "L"=>"Test", "O"=>"Testing", "OU"=>"Test", "CN"=>"testdomain.com", "emailAddress"=>"[email protected]"}
Solution

  • Try using .to_text to get full text version and scan for Subject Alternative Name.

     > csr.to_text.scan(/Subject Alternative Name:\s*([^\n\r]*)/)
 => [["DNS:othertestdomain.com testing123.com"]]