A certificate authority (CA) deals with PKCS 10 certificate signing requests: their construction and encoding, and their provisioning, in which a private key is used to generate a signed certificate from the request.
type t = X509.Signing_request.t
The abstract type of a (self-signed) certification request.
encode_der sr is cstruct, the ASN.1 encoded representation of the sr.
module Ext = X509.Signing_request.Ext
type request_info = X509.Signing_request.request_info = {
subject : X509.Distinguished_name.t;
public_key : X509.Public_key.t;
extensions : Ext.t;
}
The raw request info of a PKCS 10 certification request.
val info : t -> request_info
info signing_request is request_info, the information inside the signing_request.
val signature_algorithm :
t ->
(X509.Key_type.signature_scheme * Mirage_crypto.Hash.hash) option
signature_algorithm signing_request is the algorithm used for the signature.
val hostnames : t -> X509.Host.Set.t
hostnames signing_request is the set of domain names this signing_request is requesting. This is either the content of the DNS entries of the SubjectAlternativeName extension, or the common name of the signing_request.
val decode_der :
?allowed_hashes:Mirage_crypto.Hash.hash list ->
string ->
t Core.Or_error.t
val decode_pem : string -> t Core.Or_error.t
val create :
Distinguished_name.t ->
?digest:Mirage_crypto.Hash.hash ->
?extensions:Ext.t ->
Private_key.t ->
t Core.Or_error.t
val sign :
?allowed_hashes:Mirage_crypto.Hash.hash list ->
?digest:Mirage_crypto.Hash.hash ->
?serial:Z.t ->
?extensions:Extension.t ->
t ->
Private_key.t ->
Distinguished_name.t ->
valid_from:Ptime.t ->
valid_until:Ptime.t ->
Certificate.t Core.Or_error.t
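A request carries whatever names and signature digest its submitter chose, so a CA normally inspects it with hostnames and signature_algorithm before passing it to sign. The following is an added example, not code from this library: the functor parameter CA stands for the module documented on this page, and the policy (a zone restriction, refusal of wildcards, rejection of MD5 and SHA-1) and the names Vet, name_allowed, vet and zone are hypothetical.

```ocaml
open Core

(* Assumption: CA stands for the module documented on this page; only the
   three values used below are required of it. *)
module Vet (CA : sig
    type t
    val decode_pem : string -> t Or_error.t
    val hostnames : t -> X509.Host.Set.t
    val signature_algorithm :
      t -> (X509.Key_type.signature_scheme * Mirage_crypto.Hash.hash) option
  end) =
struct
  (* Hypothetical issuance policy: strict (non-wildcard) names under [zone]
     only, and no MD5 or SHA-1 in the request's own signature. *)
  let name_allowed ~zone (kind, name) =
    match kind with
    | `Wildcard -> false
    | `Strict -> Domain_name.is_subdomain ~subdomain:name ~domain:zone

  (* Returns the parsed request when it passes, so the caller can hand it to
     [sign]; returns an error naming the first violated rule otherwise. *)
  let vet ~zone pem =
    Or_error.bind (CA.decode_pem pem) ~f:(fun csr ->
      let names = X509.Host.Set.elements (CA.hostnames csr) in
      match CA.signature_algorithm csr with
      | None -> Or_error.error_string "unrecognised signature algorithm"
      | Some (_, (`MD5 | `SHA1)) ->
        Or_error.error_string "request signed with a weak digest"
      | Some _ ->
        if List.is_empty names
        then Or_error.error_string "request names no host"
        else (
          match List.find names ~f:(fun n -> not (name_allowed ~zone n)) with
          | Some (_, bad) ->
            Or_error.errorf "name not permitted: %s" (Domain_name.to_string bad)
          | None -> Ok csr))
end
```

Because hostnames falls back to the common name when the request has no SubjectAlternativeName DNS entries, the same check covers both places a requested name can appear.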