A certificate authority (CA) deals with PKCS 10 certificate signing requests, their construction and encoding, and provisioning using a private key to generate a certificate with a signature thereof.
val decode_der : Cstruct.t -> (t, [> Rresult.R.msg ]) Rresult.result
decode_der cstruct is signing_request, the ASN.1 decoded cstruct or an error.
encode_der sr is cstruct, the ASN.1 encoded representation of the sr.
val decode_pem : Cstruct.t -> (t, [> Rresult.R.msg ]) Rresult.result
decode_pem pem is t, where the single signing request of the pem is extracted.
module Ext : sig ... end
The raw request info of a PKCS 10 certification request info.
val info : t -> request_info
info signing_request is request_info, the information inside the signing_request.
val create :
Distinguished_name.t ->
?digest:Nocrypto.Hash.hash ->
?extensions:Ext.t ->
Private_key.t ->
t
create subject ~digest ~extensions private creates signing_request, a certification request using the given subject, digest (defaults to `SHA256) and list of extensions.
val sign :
t ->
valid_from:Ptime.t ->
valid_until:Ptime.t ->
?digest:Nocrypto.Hash.hash ->
?serial:Z.t ->
?extensions:Extension.t ->
Private_key.t ->
Distinguished_name.t ->
Certificate.t
sign signing_request ~digest ~valid_from ~valid_until ~serial ~extensions private issuer creates certificate, a signed certificate. Public key and subject are taken from the signing_request, the extensions are added to the X.509 certificate. The private key is used to sign the certificate, the issuer is recorded in the certificate. The digest defaults to `SHA256. The serial defaults to a random value between 1 and 2^64. Certificate version is always 3. Please note that the extensions in the signing_request are ignored, you can pass them using:
match Ext.find Extensions (info csr).extensions with
| Ok ext -> ext
| Error _ -> Extension.empty
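
Added example (not part of the x509 documentation): since sign ignores the extensions in the request, the caller decides which of them reach the certificate. Here only the subject alternative names are copied from the requested extensions, and constraints and usages are set by the issuer. The names issuance_extensions and issue, the 90-day lifetime and the chosen usages are assumptions.

```ocaml
(* Added example; not from the x509 documentation. Assumes the x509 release
   documented on this page and the ptime library. *)
open X509

(* Hypothetical issuance policy: from the requested extensions copy only the
   subject alternative names; constraints and usages are set by the CA. *)
let issuance_extensions (requested : Extension.t) : Extension.t =
  let base =
    Extension.(
      empty
      (* critical, cA = false, no path length: never issue a CA this way *)
      |> add Basic_constraints (true, (false, None))
      |> add Key_usage (true, [ `Digital_signature; `Key_encipherment ])
      |> add Ext_key_usage (false, [ `Server_auth ]))
  in
  (* The names are still requester-supplied: check them against what the
     requester is authorised for before issuing. *)
  match Extension.(find Subject_alt_name requested) with
  | Some (_, names) -> Extension.(add Subject_alt_name (false, names) base)
  | None -> base

(* [requested] is the Extension.t taken from the request with the snippet
   above; [now] is the current time (e.g. from Ptime_clock.now). *)
let issue ~now ~ca_key ~ca_name csr requested =
  (* assumed lifetime: 90 days *)
  match Ptime.add_span now (Ptime.Span.of_int_s (90 * 24 * 3600)) with
  | None -> Error (`Msg "validity period out of range")
  | Some valid_until ->
    let extensions = issuance_extensions requested in
    Ok (Signing_request.sign csr ~valid_from:now ~valid_until ~extensions
          ca_key ca_name)
```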