Struct rcgen::CertificateParams

#[non_exhaustive]
pub struct CertificateParams {

    pub alg: &'static SignatureAlgorithm,
    pub not_before: OffsetDateTime,
    pub not_after: OffsetDateTime,
    pub serial_number: Option<SerialNumber>,
    pub subject_alt_names: Vec<SanType>,
    pub distinguished_name: DistinguishedName,
    pub is_ca: IsCa,
    pub key_usages: Vec<KeyUsagePurpose>,
    pub extended_key_usages: Vec<ExtendedKeyUsagePurpose>,
    pub name_constraints: Option<NameConstraints>,
    pub crl_distribution_points: Vec<CrlDistributionPoint>,
    pub custom_extensions: Vec<CustomExtension>,
    pub key_pair: Option<KeyPair>,
    pub use_authority_key_identifier_extension: bool,
    pub key_identifier_method: KeyIdMethod,
}

Parameters used for certificate generation

Fields (Non-exhaustive)

Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.

alg: &'static SignatureAlgorithm

not_before: OffsetDateTime

not_after: OffsetDateTime

serial_number: Option<SerialNumber>

subject_alt_names: Vec<SanType>

distinguished_name: DistinguishedName

is_ca: IsCa

key_usages: Vec<KeyUsagePurpose>

extended_key_usages: Vec<ExtendedKeyUsagePurpose>

name_constraints: Option<NameConstraints>

crl_distribution_points: Vec<CrlDistributionPoint>

An optional list of certificate revocation list (CRL) distribution points as described in RFC 5280 Section 4.2.1.13¹. Each distribution point contains one or more URIs where an up-to-date CRL with scope including this certificate can be retrieved.

---

1. https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.13 ↩

custom_extensions: Vec<CustomExtension>

key_pair: Option<KeyPair>

The certificate’s key pair, a new random key pair will be generated if this is None

use_authority_key_identifier_extension: bool

If true, the ‘Authority Key Identifier’ extension will be added to the generated cert

key_identifier_method: KeyIdMethod

Method to generate key identifiers from public keys

Defaults to SHA-256.

Implementations

impl CertificateParams

pub fn from_ca_cert_pem( pem_str: &str, key_pair: KeyPair ) -> Result<Self, RcgenError>

Parses a ca certificate from the ASCII PEM format for signing

See from_ca_cert_der for more details.

pub fn from_ca_cert_der( ca_cert: &[u8], key_pair: KeyPair ) -> Result<Self, RcgenError>

Parses a ca certificate from the DER format for signing

This function is only of use if you have an existing ca certificate with which you want to sign a certificate newly generated by rcgen using the serialize_der_with_signer or serialize_pem_with_signer functions.

This function only extracts from the given ca cert the information needed for signing. Any information beyond that is not extracted and left to defaults.

Will not check if certificate is a ca certificate!

impl CertificateParams

pub fn new(subject_alt_names: impl Into<Vec<String>>) -> Self

Generate certificate parameters with reasonable defaults

Trait Implementations

impl Default for CertificateParams

fn default() -> Self

Returns the “default value” for a type.