Library
Module
Module type
Parameter
Class
Class type
Certificate Authority operations
The abstract type of a (self-signed) PKCS 10 certification request, with encoding and decoding to PEM.
type request_extensions = [
| `Password of string
| `Name of string
| `Extensions of (bool * Extension.t) list
]
The polymorphic variant of certificate request extensions, as defined in PKCS 9 (RFC 2985).
type request_info = {
subject : distinguished_name;
public_key : public_key;
extensions : request_extensions list;
}
The raw request info of a PKCS 10 certification request info.
val info : signing_request -> request_info
info signing_request
is request_info
, the information inside the signing_request
.
val request :
distinguished_name ->
?digest:Nocrypto.Hash.hash ->
?extensions:request_extensions list ->
private_key ->
signing_request
request subject ~digest ~extensions private
creates signing_request
, a certification request using the given subject
, digest
(defaults to `SHA256
) and list of extensions
.
val sign :
signing_request ->
valid_from:Ptime.t ->
valid_until:Ptime.t ->
?digest:Nocrypto.Hash.hash ->
?serial:Z.t ->
?extensions:(bool * Extension.t) list ->
private_key ->
distinguished_name ->
t
sign signing_request ~digest ~valid_from ~valid_until ~serial
~extensions private issuer
creates certificate
, a signed certificate. Public key and subject are taken from the signing_request
, the extensions
are added to the X.509 certificate. The private
key is used to sign the certificate, the issuer
is recorded in the certificate. The digest defaults to `SHA256
. The serial
defaults to a random value between 1 and 2^64. Certificate version is always 3. Please note that the extensions in the signing_request
are ignored, you can pass them using:
match
try Some (List.find (function `Extensions _ -> true | _ -> false) (info csr).extensions)
with Not_found -> None
with
| Some (`Extensions x) -> x
| None -> []