There are other ways to define the subject and other details like:

[elico]

There are other ways to define the subject and other details.
There are fields which must be pritable and some others support UTF8 String so..
And also the another option is to add into the subject fields only filled up fields, if these are empty don't add them.
Something like this:

  subjectname_arr = []
  subjectname_arr << ['C', options['subject_country'], OpenSSL::ASN1::PRINTABLESTRING]
  subjectname_arr << ['L', options['subject_location'], OpenSSL::ASN1::PRINTABLESTRING]
  subjectname_arr << ['O', options['subject_organization'], OpenSSL::ASN1::UTF8STRING]
  subjectname_arr << ['OU', options['subject_ou'], OpenSSL::ASN1::UTF8STRING] if !options['subject_ou'].nil? && !options['subject_ou'].empty?
  subjectname_arr << ['CN', options['subject_cn'], OpenSSL::ASN1::UTF8STRING]
  subjectname_arr << ['emailAddress', options['subject_email'], OpenSSL::ASN1::UTF8STRING]
  if !options['subject_id'].nil? && options['subject_id'].class == String && options['subject_id'] =~ /^[0-9]+$/
    subjectname_arr << ['0.9.2342.19200300.100.1.1', "ID##{options['subject_id']}@IL‬‬", OpenSSL::ASN1::UTF8STRING]
  else
    STDERR.puts "Not embedding subject ID since it's wrong or empty." if $debug
  end

  subjectname = OpenSSL::X509::Name.new(subjectname_arr)

  # issuername = OpenSSL::X509::Name.parse('emailAddress=eliezer@ngtech.co.il/C=IL/ST=Shomron/L=Karney Shomron/CN=Mr Eliezer Croitoru (NgTech LTD)/O=MyCA')

  issuername_arr = []
  issuername_arr << ['C', 'IL', OpenSSL::ASN1::PRINTABLESTRING]
#  issuername_arr << ['ST', 'Shomron', OpenSSL::ASN1::PRINTABLESTRING]
  issuername_arr << ['L', 'Karney Shomron', OpenSSL::ASN1::PRINTABLESTRING]
  issuername_arr << ['O', 'ngtech.co.il', OpenSSL::ASN1::UTF8STRING]
  issuername_arr << ['OU', 'IT', OpenSSL::ASN1::UTF8STRING]
  issuername_arr << ['CN', 'Mr Eliezer Croitoru (NgTech LTD)', OpenSSL::ASN1::UTF8STRING]
  issuername_arr << ['emailAddress', 'eliezer@ngtech.co.il', OpenSSL::ASN1::UTF8STRING]
  issuername_arr << ['0.9.2342.19200300.100.1.1', "ID##{eliezerID}@IL‬‬", OpenSSL::ASN1::UTF8STRING]

  issuername = OpenSSL::X509::Name.new(issuername_arr)

cert = OpenSSL::X509::Certificate.new

cert.version = 2
cert.serial = 0
cert.not_before = Time.now
cert.not_after = Time.now + (2 * 365 * 24 * 60 * 60) # 2 years

cert.public_key = key.public_key
cert.subject = subjectname
cert.issuer = issuername
....

[mltsy]

I'm not sure I understand the issue(s?). Are you saying that rather than just inserting the subjectname as a string (the current implementation), we should be inserting it as a nested array in order to embed the extra data about which fields are "printable" and which ones accept UTF-8? What benefit does that give over the current implementation? (I'm not skeptical of the value, I just don't know what that does - in fact, if you could write a spec to test how outcome differs from the current implementation, that would be ideal!)

As for the issuer details - the [limited] purpose of this gem is to easily generate self-signed certificates, so I don't think it's necessary to be able to define separate issuer details for that use-case, is it? I suppose it could be useful for other use-cases, and not too hard to add, but I don't want to make it harder to generate a self-signed cert. So it would just have to be implemented in an optional way.

[mltsy]

P.S. I'm admittedly no expert in the OpenSSL library, so if your point is just that I'm doing things inefficiently or the wrong way - I'm very open to suggestions and changes, just want to understand them before implementing them 😉