Crate rcgen

source · []
Expand description

Rust X.509 certificate generation utility

This crate provides a way to generate self signed X.509 certificates.

The most simple way of using this crate is by calling the generate_simple_self_signed function. For more customization abilities, we provide the lower level Certificate::from_params function.

Example

extern crate rcgen;
use rcgen::generate_simple_self_signed;
// Generate a certificate that's valid for "localhost" and "hello.world.example"
let subject_alt_names = vec!["hello.world.example".to_string(),
	"localhost".to_string()];

let cert = generate_simple_self_signed(subject_alt_names).unwrap();
println!("{}", cert.serialize_pem().unwrap());
println!("{}", cert.serialize_private_key_pem());

Structs

Certificate
A self signed certificate together with signing keys
CertificateParams
Parameters used for certificate generation
CertificateSigningRequest
Data for a certificate signing request
CustomExtension
A custom extension of a certificate, as specified in RFC 5280
DistinguishedName
Distinguished name used e.g. for the issuer and subject fields of a certificate
DistinguishedNameIterator
Iterator over DistinguishedName entries
KeyPair
A key pair used to sign certificates and CSRs
NameConstraints
The NameConstraints extension (only relevant for CA certificates)
PublicKey
A public key, extracted from a CSR
SignatureAlgorithm
Signature algorithm type

Enums

BasicConstraints
The path length constraint (only relevant for CA certificates)
CidrSubnet
CIDR subnet, as per RFC 4632
DnType
The attribute type of a distinguished name entry
DnValue
A distinguished name entry
ExtendedKeyUsagePurpose
One of the purposes contained in the extended key usage extension
GeneralSubtree
General Subtree type.
IsCa
Whether the certificate is allowed to sign other certificates
KeyIdMethod
Method to generate key identifiers from public keys.
KeyUsagePurpose
One of the purposes contained in the key usage extension
RcgenError
The error type of the rcgen crate
SanType
The type of subject alt name

Statics

PKCS_ECDSA_P256_SHA256
ECDSA signing using the P-256 curves and SHA-256 hashing as per RFC 5758
PKCS_ECDSA_P384_SHA384
ECDSA signing using the P-384 curves and SHA-384 hashing as per RFC 5758
PKCS_ED25519
ED25519 curve signing as per RFC 8410
PKCS_RSA_SHA256
RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055
PKCS_RSA_SHA384
RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055
PKCS_RSA_SHA512
RSA signing with PKCS#1 1.5 padding and SHA-512 hashing as per RFC 4055

Traits

RemoteKeyPair
A private key that is not directly accessible, but can be used to sign messages

Functions

date_time_ymd
Helper to obtain an OffsetDateTime from year, month, day values
generate_simple_self_signed
KISS function to generate a self signed certificate