Daniel Danopia wrote: >> it wants a Base64 encoding (I got that > part) of a PkiPath of a DER-encoded cert chain. I can't figure out how > to generate the last two in Ruby. Do you have a test case you can share - i.e. an actual certificate in PEM format, together with the corresponding hash? Ruby provides a very thin layer on top of OpenSSL's API, so if you can answer the question for openssl you can probably do it in Ruby. Googling for "openssl pkipath" I found this, which at least defines the pkipath: http://marc.info/?l=openssl-users&m=109655589300276&w=2 Encoding an ASN1 'Sequence' is fairly straightforward, and so is converting it to DER. >> OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::IA5String.new("hello"), OpenSSL::ASN1::IA5String.new("world")]).to_der => "0\016\026\005hello\026\005world" So my first attempt would be something along the lines of: >> c1 = OpenSSL::X509::Certificate.new(File.read("/etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority.pem")) >> c2 = OpenSSL::X509::Certificate.new(File.read("/etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem")) >> OpenSSL::ASN1::Sequence.new([c1,c2]) If you have the source code to the Java libraries referred to in the example code, that may help too. -- Posted via http://www.ruby-forum.com/.