Struct rcgen::CertificateParams
source · #[non_exhaustive]pub struct CertificateParams {Show 15 fields
pub alg: &'static SignatureAlgorithm,
pub not_before: OffsetDateTime,
pub not_after: OffsetDateTime,
pub serial_number: Option<SerialNumber>,
pub subject_alt_names: Vec<SanType>,
pub distinguished_name: DistinguishedName,
pub is_ca: IsCa,
pub key_usages: Vec<KeyUsagePurpose>,
pub extended_key_usages: Vec<ExtendedKeyUsagePurpose>,
pub name_constraints: Option<NameConstraints>,
pub crl_distribution_points: Vec<CrlDistributionPoint>,
pub custom_extensions: Vec<CustomExtension>,
pub key_pair: Option<KeyPair>,
pub use_authority_key_identifier_extension: bool,
pub key_identifier_method: KeyIdMethod,
}
Expand description
Parameters used for certificate generation
Fields (Non-exhaustive)§
This struct is marked as non-exhaustive
Struct { .. }
syntax; cannot be matched against without a wildcard ..
; and struct update syntax will not work.alg: &'static SignatureAlgorithm
§not_before: OffsetDateTime
§not_after: OffsetDateTime
§serial_number: Option<SerialNumber>
§subject_alt_names: Vec<SanType>
§distinguished_name: DistinguishedName
§is_ca: IsCa
§key_usages: Vec<KeyUsagePurpose>
§extended_key_usages: Vec<ExtendedKeyUsagePurpose>
§name_constraints: Option<NameConstraints>
§crl_distribution_points: Vec<CrlDistributionPoint>
An optional list of certificate revocation list (CRL) distribution points as described in RFC 5280 Section 4.2.1.131. Each distribution point contains one or more URIs where an up-to-date CRL with scope including this certificate can be retrieved.
custom_extensions: Vec<CustomExtension>
§key_pair: Option<KeyPair>
The certificate’s key pair, a new random key pair will be generated if this is None
If true
, the ‘Authority Key Identifier’ extension will be added to the generated cert
key_identifier_method: KeyIdMethod
Method to generate key identifiers from public keys
Defaults to SHA-256.
Implementations§
source§impl CertificateParams
impl CertificateParams
sourcepub fn from_ca_cert_pem(
pem_str: &str,
key_pair: KeyPair
) -> Result<Self, RcgenError>
pub fn from_ca_cert_pem( pem_str: &str, key_pair: KeyPair ) -> Result<Self, RcgenError>
Parses a ca certificate from the ASCII PEM format for signing
See from_ca_cert_der
for more details.
sourcepub fn from_ca_cert_der(
ca_cert: &[u8],
key_pair: KeyPair
) -> Result<Self, RcgenError>
pub fn from_ca_cert_der( ca_cert: &[u8], key_pair: KeyPair ) -> Result<Self, RcgenError>
Parses a ca certificate from the DER format for signing
This function is only of use if you have an existing ca certificate with
which you want to sign a certificate newly generated by rcgen
using the
serialize_der_with_signer
or
serialize_pem_with_signer
functions.
This function only extracts from the given ca cert the information needed for signing. Any information beyond that is not extracted and left to defaults.
Will not check if certificate is a ca certificate!