On Feb 18, 2011, at 4:15 AM, Brian Candler wrote:

> Christian P. wrote in post #982402:
>> My problem is that the certificate doesn't contain a signature
>> algorithm.
> 
> Look at it using openssl x509 and it should be clear:
> 
> $ openssl x509 -in ert.pem -noout -text
> Certificate:
>    Data:
>        Version: 3 (0x2)
>        Serial Number: 1 (0x1)
>        Signature Algorithm: itu-t
>        Issuer: C=US, ST=Here, L=There, O=Where, CN=mycompany.com
>        Validity
>            Not Before: Feb 17 12:08:37 2011 GMT
>            Not After : Feb 17 12:08:37 2016 GMT
>        Subject: C=US, ST=Here, L=There, O=Where, CN=mycompany.com
>        Subject Public Key Info:
>            Public Key Algorithm: rsaEncryption
>            RSA Public Key: (1024 bit)
>                Modulus (1024 bit):
>                    00:c4:b1:7c:3d:c1:c7:c0:14:f8:7b:d4:4d:c1:80:
>                    0a:0a:5d:fe:d8:3c:c8:29:d0:45:5f:98:68:e7:06:
>                    2b:00:bf:62:09:a0:52:69:c7:c4:04:69:66:54:a5:
>                    05:bc:ac:33:b2:ea:cc:e5:e2:47:89:e6:eb:78:61:
>                    ce:0f:83:5d:00:34:38:eb:d8:23:cd:92:33:04:7f:
>                    e6:8c:04:2a:d4:9c:22:57:3c:92:2d:8d:7c:4b:e5:
>                    ad:33:2b:0c:a9:c5:ed:6b:45:c8:4c:80:11:b1:77:
>                    ca:f4:ec:71:91:31:67:9d:2b:5a:c8:b0:f3:f5:24:
>                    40:e1:f5:ac:89:d0:50:39:c3
>                Exponent: 65537 (0x10001)
>    Signature Algorithm: itu-t
> 
> The certificate contains no signature at all - you need to (self) sign 
> it.

which would be:

cert.sign key, OpenSSL::Digest::SHA1.new