On This Page
Legend:
Library
Module
Module type
Parameter
Class
Class type
Library
Module
Module type
Parameter
Class
Class type
package x509
Certificate Authority operations
Signing
The abstract type of a (self-signed) PKCS 10 certification request, with encoding and decoding to PEM.
type request_extensions = [ | `Password of string| `Name of string| `Extensions of (bool * Extension.t) list
]The polymorphic variant of certificate request extensions, as defined in PKCS 9 (RFC 2985).
type request_info = {subject : distinguished_name;public_key : public_key;extensions : request_extensions list;
}The raw request info of a PKCS 10 certification request info.
val info : signing_request -> request_infoinfo signing_request is request_info, the information inside the signing_request.
val request :
distinguished_name ->
?digest:Nocrypto.Hash.hash ->
?extensions:request_extensions list ->
private_key ->
signing_requestrequest subject ~digest ~extensions private creates signing_request, a certification request using the given subject, digest (defaults to `SHA256) and list of extensions.
val sign :
signing_request ->
valid_from:Asn.Time.t ->
valid_until:Asn.Time.t ->
?digest:Nocrypto.Hash.hash ->
?serial:Z.t ->
?extensions:(bool * Extension.t) list ->
private_key ->
distinguished_name ->
tsign signing_request ~digest ~valid_from ~valid_until ~serial
~extensions private issuer creates certificate, a signed certificate. Public key and subject are taken from the signing_request, the extensions are added to the X.509 certificate. The private key is used to sign the certificate, the issuer is recorded in the certificate. The digest defaults to `SHA256. The serial defaults to a random value between 1 and 2^64. Certificate version is always 3. Please note that the extensions in the signing_request are ignored, you can pass them using:
match
try Some (List.find (function `Extensions _ -> true | _ -> false) (info csr).extensions)
with Not_found -> None
with
| Some (`Extensions x) -> x
| None -> [].
On This Page