Crate rcgen

Rust X.509 certificate generation utility

This crate provides a way to generate self signed X.509 certificates.

The most simple way of using this crate is by calling the generate_simple_self_signed function. For more customization abilities, we provide the lower level Certificate::from_params function.

Example

extern crate rcgen;
use rcgen::generate_simple_self_signed;
// Generate a certificate that's valid for "localhost" and "hello.world.example"
let subject_alt_names = vec!["hello.world.example".to_string(),
	"localhost".to_string()];

let cert = generate_simple_self_signed(subject_alt_names).unwrap();
println!("{}", cert.serialize_pem().unwrap());
println!("{}", cert.serialize_private_key_pem());

Structs

• Certificate
  A self signed certificate together with signing keys
• CertificateParams
  Parameters used for certificate generation
• CertificateRevocationList
  A certificate revocation list (CRL)
• CertificateRevocationListParams
  Parameters used for certificate revocation list (CRL) generation
• CertificateSigningRequest
  Data for a certificate signing request
• CrlDistributionPoint
  A certificate revocation list (CRL) distribution point, to be included in a certificate’s distribution points extension or a CRL’s issuing distribution point extension
• CrlIssuingDistributionPoint
  A certificate revocation list (CRL) issuing distribution point, to be included in a CRL’s issuing distribution point extension.
• CustomExtension
  A custom extension of a certificate, as specified in RFC 5280
• DistinguishedName
  Distinguished name used e.g. for the issuer and subject fields of a certificate
• DistinguishedNameIterator
  Iterator over DistinguishedName entries
• KeyPair
  A key pair used to sign certificates and CSRs
• NameConstraints
  The NameConstraints extension (only relevant for CA certificates)
• PublicKey
  A public key, extracted from a CSR
• RevokedCertParams
  Parameters used for describing a revoked certificate included in a CertificateRevocationList.
• SerialNumber
  A certificate serial number.
• SignatureAlgorithm
  Signature algorithm type

Enums

• BasicConstraints
  The path length constraint (only relevant for CA certificates)
• CidrSubnet
  CIDR subnet, as per RFC 4632
• CrlScope
  Describes the scope of a CRL for an issuing distribution point extension.
• DnType
  The attribute type of a distinguished name entry
• DnValue
  A distinguished name entry
• Error
  The error type of the rcgen crate
• ExtendedKeyUsagePurpose
  One of the purposes contained in the extended key usage extension
• GeneralSubtree
  General Subtree type.
• IsCa
  Whether the certificate is allowed to sign other certificates
• KeyIdMethod
  Method to generate key identifiers from public keys.
• KeyUsagePurpose
  One of the purposes contained in the key usage extension
• RevocationReason
  Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1
• SanType
  The type of subject alt name

Statics

• PKCS_ECDSA_P256_SHA256
  ECDSA signing using the P-256 curves and SHA-256 hashing as per RFC 5758
• PKCS_ECDSA_P384_SHA384
  ECDSA signing using the P-384 curves and SHA-384 hashing as per RFC 5758
• PKCS_ED25519
  ED25519 curve signing as per RFC 8410
• PKCS_RSA_SHA256
  RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055
• PKCS_RSA_SHA384
  RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055
• PKCS_RSA_SHA512
  RSA signing with PKCS#1 1.5 padding and SHA-512 hashing as per RFC 4055

Traits

• RemoteKeyPair
  A private key that is not directly accessible, but can be used to sign messages

Functions

• date_time_ymd
  Helper to obtain an OffsetDateTime from year, month, day values
• generate_simple_self_signed
  KISS function to generate a self signed certificate

Type Aliases

• RcgenErrorDeprecated
  Type-alias for the old name of Error.