CUtil - A complete internal PKI toolkit for Rust
This library provides a comprehensive set of tools for managing an internal Public Key Infrastructure (PKI), including:
- Generating self-signed root Certificate Authorities and intermediate Certificate Authorities
- Issuing server and client certificates with proper extensions
- Revoking certificates and generating Certificate Revocation Lists (CRLs)
- Fetching and inspecting remote certificate chains via TLS
- Exporting certificates in various formats (PEM, PKCS#12)
§Examples
§Creating a Root CA
use cutil::ca::CertificateAuthority;
use cutil::types::{CertSigAlgo, DistinguishedName};
// Subject name that will appear on the self-signed root certificate.
let root_subject = DistinguishedName::new("My Root CA")
    .with_organization("My Company")
    .with_country("US");

// Root lifetime in days (10 years). The root key stays a high-value secret for
// this whole period, so plan its storage and rotation before picking a long lifetime.
let validity_days = 3650;

// `unwrap()` keeps the example short; application code should handle the error
// instead of panicking.
let ca = CertificateAuthority::new_root(root_subject, CertSigAlgo::EcdsaP256, validity_days)
    .unwrap();
// NOTE(review): the `save_pem` call that follows writes the CA private key to
// `ca-key.pem`. Whether that file is encrypted or permission-restricted is not
// shown here — confirm, and keep it readable only by the account that signs.
ca.save_pem("ca.pem", "ca-key.pem").unwrap();
§Issuing a Server Certificate
use cutil::ca::CertificateAuthority;
use cutil::cert::CertificateBuilder;
use cutil::types::CertSigAlgo;
// Load the CA certificate and private key from the same paths the root CA
// example saves to. The algorithm is passed explicitly; presumably it has to
// match the stored key — confirm against the `load_pem` documentation.
let mut issuing_ca =
    CertificateAuthority::load_pem("ca.pem", "ca-key.pem", CertSigAlgo::EcdsaP256).unwrap();

// NOTE(review): this signs the server certificate directly with the CA loaded
// above. If that CA is the root, its private key has to be available wherever
// certificates are issued; signing from an intermediate CA lets the root key
// stay offline.
let cert = CertificateBuilder::server("example.com")
    // Extra DNS names the certificate should cover besides "example.com".
    .with_dns_san("www.example.com")
    .with_dns_san("api.example.com")
    // One-year lifetime; shorter lifetimes limit how long a leaked key stays usable.
    .with_validity_days(365)
    // Takes the CA mutably; `unwrap()` panics if issuance fails.
    .issue(&mut issuing_ca)
    .unwrap();
// The `save_pem` call that follows writes the server's private key to
// `server-key.pem`; protect that file the same way as any TLS private key.
cert.save_pem("server.pem", "server-key.pem").unwrap();
§Fetching Remote Certificate Chain
use cutil::fetch::{fetch_certificate_chain, display_certificate_chain, OutputFormat};
// Connect to the remote TLS endpoint and collect the certificates it presents.
// NOTE(review): nothing here shows whether the chain is validated against a
// trust store or checked for revocation — treat the result as data to inspect,
// not as proof that the peer is trusted, until the `fetch` docs confirm it.
let host = "example.com";
let port = 443;
let remote_chain = fetch_certificate_chain(host, port).unwrap();

// Render the fetched chain in the human-readable `Pretty` format.
let output = display_certificate_chain(&remote_chain, OutputFormat::Pretty).unwrap();
println!("{}", output);
Re-exports§
pub use error::Error;
pub use error::Result;
pub use ca::CertificateAuthority;
pub use ca::IssuedCertificate;
pub use cert::CertificateBuilder;
pub use fetch::CertificateChainInfo;
pub use fetch::ParsedCertificate;
pub use fetch::fetch_certificate_chain;
pub use types::CertSigAlgo;
pub use types::CertType;
pub use types::CertificateRequest;
pub use types::DistinguishedName;
pub use types::RevocationReason;
pub use types::RevokedCertificate;
pub use types::SubjectAltName;