I think I can even tell you which bytes are missing in your base64 :-)

If I start with your original certificate, convert it to a Sequence, 
base64 encode it and then output one character per line:

>> require 'openssl'
>> cert = OpenSSL::X509::Certificate.new(File.read("tst.cert"))
>> cert2 = OpenSSL::ASN1::Sequence.new([cert])
>> b64 = [cert2.to_der].pack("m").gsub(/\s/,'')
>> File.open("cert2.b64l","wb") { |f| b64.each_byte { |c| f.puts c.chr } }

and compare this to your posted prehash base64, also split into one 
character per line:

--- prehash.b64l  2009-10-22 09:41:50.000000000 +0100
+++ cert2.b64l  2009-10-22 09:39:09.000000000 +0100
@@ -508,6 +508,7 @@
 B
 n
 z
+A
 N
 B
 g
@@ -1018,6 +1019,7 @@
 5
 v
 c
+G
 l
 h
 L

So there are the two missing characters from prehash base64, and their 
positions - put them back and it'll all match exactly.

The moral of the story: when dealing with large amounts of base64, break 
it into short fixed-length lines. RFC 2045 says "The encoded output 
stream must be represented in lines of no more than 76 characters each"

Cheers,

Brian.
-- 
Posted via http://www.ruby-forum.com/.