mixin crypto::CertSigner

crypto::CertSigner

Source

The CertSigner allows you to configure various options for signing a certificate from a CSR to generate a signed certifcate.

See RFC5280 for more information on configuring v3 extension values.

authKeyId

abstract This authKeyId(Buf buf)

Source

Configure the Authority Key Identifier V3 extension

basicConstraints

abstract This basicConstraints(Bool ca := false, Int? pathLenConstraint := null)

Source

Configure the Basic Constraints V3 extension

ca

abstract This ca(PrivKey caPrivKey, Cert caCert)

Source

Configure the CA private key and public certificate. If this method is not called, then a self-signed certificate will be generated.

extendedKeyUsage

abstract This extendedKeyUsage(Str[] oids)

Source

Configure the Extended Key Usage V3 extension.

keyUsage

abstract This keyUsage(Buf bits)

Source

Configure the Key Usage V3 extension

notAfter

abstract This notAfter(Date date)

Source

Configure the end date for the certificate validity period. The default value is 365 days from today.

notBefore

abstract This notBefore(Date date)

Source

Configure the start date for the certificate valdity period. The default value is today.

sign

abstract Cert sign()

Source

Generate the signed certificate based on the current configuration.

signWith

abstract This signWith(Str:Obj opts)

Source

Configure the signature algorithm to sign the certificate with. This map is configured the same as a Crypto.genCsr. By default, an implementation should choose a "strong" signing algorithm.

subjectAltName

abstract This subjectAltName(Obj name)

Source

Add a Subject Alternative Name to the certificate. This method may be called multiple times to add different SANs. The name may be one of the following types:

  • Str: a DNS name
  • Uri: a Uniform Resource Identifier name
  • IpAddr: an IP address name
subjectKeyId

abstract This subjectKeyId(Buf buf)

Source

Configure the Subject Key Identifier V3 extenstion