Crate rcgen

source · []
Expand description

Rust X.509 certificate generation utility

This crate provides a way to generate self signed X.509 certificates.

The most simple way of using this crate is by calling the generate_simple_self_signed function. For more customization abilities, we provide the lower level Certificate::from_params function.

Example

extern crate rcgen;
use rcgen::generate_simple_self_signed;
// Generate a certificate that's valid for "localhost" and "hello.world.example"
let subject_alt_names = vec!["hello.world.example".to_string(),
	"localhost".to_string()];

let cert = generate_simple_self_signed(subject_alt_names).unwrap();
println!("{}", cert.serialize_pem().unwrap());
println!("{}", cert.serialize_private_key_pem());

Structs

Certificate

A self signed certificate together with signing keys

CertificateParams

Parameters used for certificate generation

CertificateSigningRequest

Data for a certificate signing request

CustomExtension

A custom extension of a certificate, as specified in RFC 5280

DistinguishedName

Distinguished name used e.g. for the issuer and subject fields of a certificate

DistinguishedNameIterator

Iterator over DistinguishedName entries

KeyPair

A key pair used to sign certificates and CSRs

NameConstraints

The NameConstraints extension (only relevant for CA certificates)

PublicKey

A public key, extracted from a CSR

SignatureAlgorithm

Signature algorithm type

Enums

BasicConstraints

The path length constraint (only relevant for CA certificates)

CidrSubnet

CIDR subnet, as per RFC 4632

DnType

The attribute type of a distinguished name entry

DnValue

A distinguished name entry

ExtendedKeyUsagePurpose

One of the purposes contained in the extended key usage extension

GeneralSubtree

General Subtree type.

IsCa

Whether the certificate is allowed to sign other certificates

KeyIdMethod

Method to generate key identifiers from public keys.

KeyUsagePurpose

One of the purposes contained in the key usage extension

RcgenError

The error type of the rcgen crate

SanType

The type of subject alt name

Statics

PKCS_ECDSA_P256_SHA256

ECDSA signing using the P-256 curves and SHA-256 hashing as per RFC 5758

PKCS_ECDSA_P384_SHA384

ECDSA signing using the P-384 curves and SHA-384 hashing as per RFC 5758

PKCS_ED25519

ED25519 curve signing as per RFC 8410

PKCS_RSA_SHA256

RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055

PKCS_RSA_SHA384

RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055

PKCS_RSA_SHA512

RSA signing with PKCS#1 1.5 padding and SHA-512 hashing as per RFC 4055

Traits

RemoteKeyPair

A private key that is not directly accessible, but can be used to sign messages

Functions

date_time_ymd

Helper to obtain an OffsetDateTime from year, month, day values

generate_simple_self_signed

KISS function to generate a self signed certificate