Struct openssl::x509::X509Generator [] [src]

pub struct X509Generator { /* fields omitted */ }

Generator of private key/certificate pairs

Example

use openssl::hash::MessageDigest;
use openssl::pkey::PKey;
use openssl::rsa::Rsa;
use openssl::x509::X509Generator;
use openssl::x509::extension::{Extension, KeyUsageOption};

let rsa = Rsa::generate(2048).unwrap();
let pkey = PKey::from_rsa(rsa).unwrap();

let gen = X509Generator::new()
       .set_valid_period(365*2)
       .add_name("CN".to_owned(), "SuperMegaCorp Inc.".to_owned())
       .set_sign_hash(MessageDigest::sha256())
       .add_extension(Extension::KeyUsage(vec![KeyUsageOption::DigitalSignature]));

let cert = gen.sign(&pkey).unwrap();
let cert_pem = cert.to_pem().unwrap();
let pkey_pem = pkey.private_key_to_pem().unwrap();

Methods

impl X509Generator
[src]

Creates a new generator with the following defaults:

validity period: 365 days

CN: "rust-openssl"

hash: SHA1

Sets certificate validity period in days since today

Add attribute to the name of the certificate

generator.add_name("CN".to_string(),"example.com".to_string());

Add multiple attributes to the name of the certificate

generator.add_names(vec![("CN".to_string(),"example.com".to_string())]);

Add an extension to a certificate

If the extension already exists, it will be replaced.

use openssl::x509::extension::Extension::*;
use openssl::x509::extension::KeyUsageOption::*;

generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]));

Add multiple extensions to a certificate

If any of the extensions already exist, they will be replaced.

use openssl::x509::extension::Extension::*;
use openssl::x509::extension::KeyUsageOption::*;

generator.add_extensions(vec![KeyUsage(vec![DigitalSignature, KeyEncipherment])]);

Sets the certificate public-key, then self-sign and return it

Obtain a certificate signing request (CSR)