rcgen

Simple Rust library to generate X.509 certificates.

extern crate rcgen;
use rcgen::generate_simple_self_signed;
let subject_alt_names = vec!["hello.world.example".to_string(),
	"localhost".to_string()];

let cert = generate_simple_self_signed(subject_alt_names);
// The certificate is now valid for localhost and the domain "hello.world.example"
println!("{}", cert.serialize_pem());
println!("{}", cert.serialize_private_key_pem());

Trying it out with openssl

You can do this:

cargo run
openssl x509 -in certs/cert.pem -text -noout

For debugging, pasting the PEM formatted text to this service is very useful.

Trying it out with quinn

You can use rcgen together with the quinn crate. The whole set of commands is:

cargo run
cd ../quinn
cargo run --example server -- --cert ../rcgen/certs/cert.pem --key ../rcgen/certs/key.pem ./
cargo run --example client -- --ca ../rcgen/certs/cert.der https://localhost:4433/README.md

MSRV

The currently latest stable Rust release is the minimum Rust version that this crate supports. Having a policy reaching further back would make no sense because this crate depends on ring which has this same policy.

License

This crate is distributed under the terms of both the MIT license and the Apache License (Version 2.0), at your option.

See LICENSE for details.

License of your contributions

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.