Rust X.509 certificate generation utility

This crate provides a way to generate self-signed X.509 certificates.

The simplest way to use this crate is to call the generate_simple_self_signed function. For more customization, the lower-level Certificate::from_params function is available.

Example

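extern crate rcgen;
use rcgen::generate_simple_self_signed;

fn main() {
	// Generate a certificate that's valid for "localhost" and "hello.world.example"
	let subject_alt_names = vec!["hello.world.example".to_string(),
		"localhost".to_string()];

	// The returned value holds the certificate together with its signing key pair
	let cert = generate_simple_self_signed(subject_alt_names).unwrap();
	// PEM-encoded self-signed certificate
	println!("{}", cert.serialize_pem().unwrap());
	// PEM-encoded private key, printed to stdout here for demonstration only
	println!("{}", cert.serialize_private_key_pem());
}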

Structs

A self-signed certificate together with signing keys
Parameters used for certificate generation
Data for a certificate signing request
A custom extension of a certificate, as specified in RFC 5280
Distinguished name used e.g. for the issuer and subject fields of a certificate
A key pair used to sign certificates and CSRs
The NameConstraints extension (only relevant for CA certificates)
A public key, extracted from a CSR
Signature algorithm type

Enums

The path length constraint (only relevant for CA certificates)
CIDR subnet, as per RFC 4632
The attribute type of a distinguished name entry
A distinguished name entry
One of the purposes contained in the extended key usage extension
General Subtree type.
Whether the certificate is allowed to sign other certificates
Method to generate key identifiers from public keys.
One of the purposes contained in the key usage extension
The error type of the rcgen crate
The type of subject alt name

Statics

ECDSA signing using the P-256 curves and SHA-256 hashing as per RFC 5758
ECDSA signing using the P-384 curves and SHA-384 hashing as per RFC 5758
ED25519 curve signing as per RFC 8410
RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055
RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055
RSA signing with PKCS#1 1.5 padding and SHA-512 hashing as per RFC 4055

Traits

A private key that is not directly accessible, but can be used to sign messages

Functions

Helper to obtain an OffsetDateTime from year, month, day values
KISS function to generate a self-signed certificate