Expand description
Rust X.509 certificate generation utility
This crate provides a way to generate self signed X.509 certificates.
The most simple way of using this crate is by calling the
generate_simple_self_signed function.
For more customization abilities, construct a CertificateParams and
a key pair to call CertificateParams::signed_by() or CertificateParams::self_signed().
§Example
use rcgen::{generate_simple_self_signed, CertifiedKey};
// Generate a certificate that's valid for "localhost" and "hello.world.example"
let subject_alt_names = vec!["hello.world.example".to_string(),
"localhost".to_string()];
let CertifiedKey { cert, key_pair } = generate_simple_self_signed(subject_alt_names).unwrap();
println!("{}", cert.pem());
println!("{}", key_pair.serialize_pem());Structs§
- Attribute
- A PKCS #10 CSR attribute, as defined in RFC 5280 and constrained by RFC 2986.
- BmpString
- ASN.1
BMPStringtype. - Certificate
- An issued certificate together with the parameters used to generate it.
- Certificate
Params - Parameters used for certificate generation
- Certificate
Revocation List - A certificate revocation list (CRL)
- Certificate
Revocation List Params - Parameters used for certificate revocation list (CRL) generation
- Certificate
Signing Request - A certificate signing request (CSR) that can be encoded to PEM or DER.
- Certificate
Signing Request Params - Parameters for a certificate signing request
- Certified
Key - An issued certificate, together with the subject keypair.
- CrlDistribution
Point - A certificate revocation list (CRL) distribution point, to be included in a certificate’s distribution points extension or a CRL’s issuing distribution point extension
- CrlIssuing
Distribution Point - A certificate revocation list (CRL) issuing distribution point, to be included in a CRL’s issuing distribution point extension.
- Custom
Extension - A custom extension of a certificate, as specified in RFC 5280
- Distinguished
Name - Distinguished name used e.g. for the issuer and subject fields of a certificate
- Distinguished
Name Iterator - Iterator over
DistinguishedNameentries - Ia5String
- ASN.1
IA5Stringtype. - KeyPair
- A key pair used to sign certificates and CSRs
- Name
Constraints - The NameConstraints extension (only relevant for CA certificates)
- Printable
String - ASN.1
PrintableStringtype. - Public
Key - A public key, extracted from a CSR
- Revoked
Cert Params - Parameters used for describing a revoked certificate included in a
CertificateRevocationList. - Serial
Number - A certificate serial number.
- Signature
Algorithm - Signature algorithm type
- Subject
Public KeyInfo - A public key
- Teletex
String - ASN.1
TeletexStringtype. - Universal
String - ASN.1
UniversalStringtype.
Enums§
- Basic
Constraints - The path length constraint (only relevant for CA certificates)
- Cidr
Subnet - CIDR subnet, as per RFC 4632
- CrlScope
- Describes the scope of a CRL for an issuing distribution point extension.
- DnType
- The attribute type of a distinguished name entry
- DnValue
- A distinguished name entry
- Error
- The error type of the rcgen crate
- Extended
KeyUsage Purpose - One of the purposes contained in the extended key usage extension
- General
Subtree - General Subtree type.
- Invalid
Asn1 String - Invalid ASN.1 string type
- IsCa
- Whether the certificate is allowed to sign other certificates
- KeyId
Method - Method to generate key identifiers from public keys.
- KeyUsage
Purpose - One of the purposes contained in the key usage extension
- Other
Name Value - An
OtherNamevalue, defined in RFC 5280§4.1.2.4. - Revocation
Reason - Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1
- SanType
- The type of subject alt name
Statics§
- PKCS_
ECDSA_ P256_ SHA256 - ECDSA signing using the P-256 curves and SHA-256 hashing as per RFC 5758
- PKCS_
ECDSA_ P384_ SHA384 - ECDSA signing using the P-384 curves and SHA-384 hashing as per RFC 5758
- PKCS_
ED25519 - ED25519 curve signing as per RFC 8410
- PKCS_
RSA_ SHA256 - RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055
- PKCS_
RSA_ SHA384 - RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055
- PKCS_
RSA_ SHA512 - RSA signing with PKCS#1 1.5 padding and SHA-512 hashing as per RFC 4055
Traits§
- Public
KeyData - The public key data of a key pair
- Remote
KeyPair - A private key that is not directly accessible, but can be used to sign messages
Functions§
- date_
time_ ymd - Helper to obtain an
OffsetDateTimefrom year, month, day values - generate_
simple_ self_ signed crypto - KISS function to generate a self signed certificate
Type Aliases§
- Rcgen
Error Deprecated - Type-alias for the old name of
Error.