package tls-async

A certificate authority (CA) deals with PKCS 10 certificate signing requests, their construction and encoding, and provisioning using a private key to generate a certificate with a signature thereof.

The abstract type of a (self-signed) certification request.

Decoding and encoding in ASN.1 DER and PEM format

val encode_der : t -> Cstruct.t

encode_der sr is cstruct, the ASN.1 encoded representation of the sr.

val encode_pem : t -> Cstruct.t

encode_pem signing_request is pem, the PEM-encoded signing request.

Construction of a signing request

module Ext = X509.Signing_request.Ext
type request_info = X509.Signing_request.request_info = {
  subject : X509.Distinguished_name.t;
  public_key : X509.Public_key.t;
  extensions : Ext.t;
}

The raw request info of a PKCS 10 certification request.

val info : t -> request_info

info signing_request is request_info, the information inside the signing_request.

val signature_algorithm : t -> (X509.Key_type.signature_scheme * Mirage_crypto.Hash.hash) option

signature_algorithm signing_request is the algorithm used for the signature.

val hostnames : t -> X509.Host.Set.t

hostnames signing_request is the set of domain names this signing_request is requesting. This is either the content of the DNS entries of the SubjectAlternativeName extension, or the common name of the signing_request.

Provision a signing request to a certificate

val decode_der : ?allowed_hashes:Mirage_crypto.Hash.hash list -> string -> t Core.Or_error.t
val decode_pem : string -> t Core.Or_error.t
val create : Distinguished_name.t -> ?digest:Mirage_crypto.Hash.hash -> ?extensions:Ext.t -> Private_key.t -> t Core.Or_error.t
val sign : ?allowed_hashes:Mirage_crypto.Hash.hash list -> ?digest:Mirage_crypto.Hash.hash -> ?serial:Z.t -> ?extensions:Extension.t -> t -> Private_key.t -> Distinguished_name.t -> valid_from:Ptime.t -> valid_until:Ptime.t -> Certificate.t Core.Or_error.t
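
The names returned by hostnames are chosen by whoever built the request, so a CA should check them against its own policy before calling sign. The following is an added example, not code from tls-async: the module path Tls_async.X509_async.Signing_request, the zone internal.example and the helper names are assumptions, and it relies only on the decode_pem, hostnames and sign signatures listed above.

```ocaml
(* Added example, not tls-async's own code. *)
open Core

(* Assumed module path for the signatures documented on this page. *)
module SR = Tls_async.X509_async.Signing_request

(* Hypothetical policy: this CA only issues for names under these zones. *)
let allowed_zones = List.map [ "internal.example" ] ~f:Domain_name.of_string_exn

(* Wildcard requests are refused outright; strict names must sit under an
   allowed zone. *)
let name_permitted (kind, host) =
  match kind with
  | `Wildcard -> false
  | `Strict ->
    List.exists allowed_zones ~f:(fun domain ->
      Domain_name.is_subdomain ~subdomain:host ~domain)

(* Render a requested name for the rejection message. *)
let describe (kind, host) =
  let name = Domain_name.to_string host in
  match kind with
  | `Wildcard -> "*." ^ name
  | `Strict -> name

(* Decode a PEM request, reject it if it asks for no name or for any name
   outside policy, and only then sign it with the CA key. *)
let sign_if_permitted ~ca_key ~issuer ~valid_from ~valid_until pem =
  Or_error.bind (SR.decode_pem pem) ~f:(fun csr ->
    let requested = X509.Host.Set.elements (SR.hostnames csr) in
    if List.is_empty requested
    then Or_error.error_string "CSR requests no hostnames"
    else (
      match List.filter requested ~f:(fun h -> not (name_permitted h)) with
      | [] -> SR.sign csr ca_key issuer ~valid_from ~valid_until
      | rejected ->
        Or_error.errorf
          "CSR requests names outside policy: %s"
          (String.concat ~sep:", " (List.map rejected ~f:describe))))
```

Because decode_pem and sign already return Core.Or_error.t, a policy rejection travels through the same error channel as a malformed request or a failed signature.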