Expand description
Rust X.509 certificate generation utility
This crate provides a way to generate self signed X.509 certificates.
The most simple way of using this crate is by calling the
generate_simple_self_signed function.
For more customization abilities, we provide the lower level
Certificate::from_params function.
§Example
extern crate rcgen;
use rcgen::generate_simple_self_signed;
// Generate a certificate that's valid for "localhost" and "hello.world.example"
let subject_alt_names = vec!["hello.world.example".to_string(),
"localhost".to_string()];
let cert = generate_simple_self_signed(subject_alt_names).unwrap();
println!("{}", cert.serialize_pem().unwrap());
println!("{}", cert.serialize_private_key_pem());Structs§
- Certificate
- A self signed certificate together with signing keys
- Certificate
Params - Parameters used for certificate generation
- Certificate
Signing Request - Data for a certificate signing request
- Custom
Extension - A custom extension of a certificate, as specified in RFC 5280
- Distinguished
Name - Distinguished name used e.g. for the issuer and subject fields of a certificate
- Distinguished
Name Iterator - Iterator over
DistinguishedNameentries - KeyPair
- A key pair used to sign certificates and CSRs
- Name
Constraints - The NameConstraints extension (only relevant for CA certificates)
- Public
Key - A public key, extracted from a CSR
- Signature
Algorithm - Signature algorithm type
Enums§
- Basic
Constraints - The path length constraint (only relevant for CA certificates)
- Cidr
Subnet - CIDR subnet, as per RFC 4632
- DnType
- The attribute type of a distinguished name entry
- DnValue
- A distinguished name entry
- Extended
KeyUsage Purpose - One of the purposes contained in the extended key usage extension
- General
Subtree - General Subtree type.
- IsCa
- Whether the certificate is allowed to sign other certificates
- KeyId
Method - Method to generate key identifiers from public keys.
- KeyUsage
Purpose - One of the purposes contained in the key usage extension
- Rcgen
Error - The error type of the rcgen crate
- SanType
- The type of subject alt name
Statics§
- PKCS_
ECDSA_ P256_ SHA256 - ECDSA signing using the P-256 curves and SHA-256 hashing as per RFC 5758
- PKCS_
ECDSA_ P384_ SHA384 - ECDSA signing using the P-384 curves and SHA-384 hashing as per RFC 5758
- PKCS_
ED25519 - ED25519 curve signing as per RFC 8410
- PKCS_
RSA_ SHA256 - RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055
- PKCS_
RSA_ SHA384 - RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055
- PKCS_
RSA_ SHA512 - RSA signing with PKCS#1 1.5 padding and SHA-512 hashing as per RFC 4055
Traits§
- Remote
KeyPair - A private key that is not directly accessible, but can be used to sign messages
Functions§
- date_
time_ ymd - Helper to obtain an
OffsetDateTimefrom year, month, day values - generate_
simple_ self_ signed - KISS function to generate a self signed certificate