Struct openssl::x509::X509Generator [] [src]

pub struct X509Generator {
    // some fields omitted
}

Generator of private key/certificate pairs

Example

use std::fs;
use std::fs::File;
use std::io::prelude::*;
use std::path::Path;

use openssl::crypto::hash::Type;
use openssl::x509::X509Generator;
use openssl::x509::extension::{Extension, KeyUsageOption};

let gen = X509Generator::new()
       .set_bitlength(2048)
       .set_valid_period(365*2)
       .add_name("CN".to_owned(), "SuperMegaCorp Inc.".to_owned())
       .set_sign_hash(Type::SHA256)
       .add_extension(Extension::KeyUsage(vec![KeyUsageOption::DigitalSignature]));

let (cert, pkey) = gen.generate().unwrap();

let cert_path = "doc_cert.pem";
let mut file = File::create(cert_path).unwrap();
assert!(cert.write_pem(&mut file).is_ok());

let pkey_path = "doc_key.pem";
let mut file = File::create(pkey_path).unwrap();
assert!(pkey.write_pem(&mut file).is_ok());

Methods

impl X509Generator
[src]

Creates a new generator with the following defaults:

bit length: 1024

validity period: 365 days

CN: "rust-openssl"

hash: SHA1

Sets desired bit length

Sets certificate validity period in days since today

Add attribute to the name of the certificate

generator.add_name("CN".to_string(),"example.com".to_string());

Add multiple attributes to the name of the certificate

generator.add_names(vec![("CN".to_string(),"example.com".to_string())]);

Add an extension to a certificate

If the extension already exists, it will be replaced.

use openssl::x509::extension::Extension::*;
use openssl::x509::extension::KeyUsageOption::*;

generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]));

Add multiple extensions to a certificate

If any of the extensions already exist, they will be replaced.

use openssl::x509::extension::Extension::*;
use openssl::x509::extension::KeyUsageOption::*;

generator.add_extensions(vec![KeyUsage(vec![DigitalSignature, KeyEncipherment])]);

Generates a private key and a self-signed certificate and returns them

Sets the certificate public-key, then self-sign and return it Note: That the bit-length of the private key is used (set_bitlength is ignored)

Obtain a certificate signing request (CSR)