# File lib/rubygems/security.rb, line 642
  def self.build_cert(name, key, opt = {})
    Gem.ensure_ssl_available
    opt = OPT.merge(opt)

    # create new cert
    ret = OpenSSL::X509::Certificate.new

    # populate cert attributes
    ret.version = 2
    ret.serial = 0
    ret.public_key = key.public_key
    ret.not_before = Time.now
    ret.not_after = Time.now + opt[:cert_age]
    ret.subject = name

    # add certificate extensions
    ef = OpenSSL::X509::ExtensionFactory.new(nil, ret)
    ret.extensions = opt[:cert_exts].map { |k, v| ef.create_extension(k, v) }

    # sign cert
    i_key, i_cert = opt[:issuer_key] || key, opt[:issuer_cert] || ret
    ret = sign_cert(ret, i_key, i_cert, opt)

    # return cert
    ret
  end