Rust X.509 certificate generation utility
This crate provides a way to generate self-signed X.509 certificates.
The simplest way of using this crate is by calling the generate_simple_self_signed function.
For more customization abilities, construct a CertificateParams and a key pair to call CertificateParams::signed_by() or CertificateParams::self_signed().
§Example
extern crate rcgen;
use rcgen::{generate_simple_self_signed, CertifiedKey};

fn main() {
    // Generate a certificate that's valid for "localhost" and "hello.world.example"
    let subject_alt_names = vec!["hello.world.example".to_string(),
        "localhost".to_string()];
    let CertifiedKey { cert, key_pair } = generate_simple_self_signed(subject_alt_names).unwrap();
    // PEM-encoded certificate
    println!("{}", cert.pem());
    // PEM-encoded private key of the generated key pair
    println!("{}", key_pair.serialize_pem());
}
Structs§
- ASN.1 BMPString type.
- An issued certificate together with the parameters used to generate it.
- Parameters used for certificate generation
- A certificate revocation list (CRL)
- Parameters used for certificate revocation list (CRL) generation
- A certificate signing request (CSR) that can be encoded to PEM or DER.
- Parameters for a certificate signing request
- An issued certificate, together with the subject keypair.
- A certificate revocation list (CRL) distribution point, to be included in a certificate’s distribution points extension or a CRL’s issuing distribution point extension
- A certificate revocation list (CRL) issuing distribution point, to be included in a CRL’s issuing distribution point extension.
- A custom extension of a certificate, as specified in RFC 5280
- Distinguished name used e.g. for the issuer and subject fields of a certificate
- Iterator over DistinguishedName entries
- ASN.1 IA5String type.
- A key pair used to sign certificates and CSRs
- The NameConstraints extension (only relevant for CA certificates)
- ASN.1 PrintableString type.
- A public key, extracted from a CSR
- Parameters used for describing a revoked certificate included in a CertificateRevocationList.
- A certificate serial number.
- Signature algorithm type
- ASN.1 TeletexString type.
- ASN.1 UniversalString type.
Enums§
- The path length constraint (only relevant for CA certificates)
- CIDR subnet, as per RFC 4632
- Describes the scope of a CRL for an issuing distribution point extension.
- The attribute type of a distinguished name entry
- A distinguished name entry
- The error type of the rcgen crate
- One of the purposes contained in the extended key usage extension
- General Subtree type.
- Invalid ASN.1 string type
- Whether the certificate is allowed to sign other certificates
- Method to generate key identifiers from public keys.
- One of the purposes contained in the key usage extension
- An OtherName value, defined in RFC 5280 §4.1.2.4.
- Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1
- The type of subject alt name
Statics§
- ECDSA signing using the P-256 curves and SHA-256 hashing as per RFC 5758
- ECDSA signing using the P-384 curves and SHA-384 hashing as per RFC 5758
- ED25519 curve signing as per RFC 8410
- RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055
- RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055
- RSA signing with PKCS#1 1.5 padding and SHA-512 hashing as per RFC 4055
Traits§
- A private key that is not directly accessible, but can be used to sign messages
Functions§
- Helper to obtain an OffsetDateTime from year, month, day values
- KISS function to generate a self signed certificate
Type Aliases§
- RcgenError (Deprecated): Type-alias for the old name of Error.