def self.build_cert(name, key, opt = {})
Gem.ensure_ssl_available
opt = OPT.merge(opt)
ret = OpenSSL::X509::Certificate.new
ret.version = 2
ret.serial = 0
ret.public_key = key.public_key
ret.not_before = Time.now
ret.not_after = Time.now + opt[:cert_age]
ret.subject = name
ef = OpenSSL::X509::ExtensionFactory.new(nil, ret)
ret.extensions = opt[:cert_exts].map { |k, v| ef.create_extension(k, v) }
i_key, i_cert = opt[:issuer_key] || key, opt[:issuer_cert] || ret
ret = sign_cert(ret, i_key, i_cert, opt)
ret
end