mixin crypto::CertSigner
crypto::CertSigner
The CertSigner allows you to configure various options for signing a certificate from a CSR
to generate a signed certifcate
.
See RFC5280 for more information on configuring v3 extension values.
- authKeyId
-
abstract This authKeyId(Buf buf)
Configure the Authority Key Identifier V3 extension
- basicConstraints
-
abstract This basicConstraints(Bool ca := false, Int? pathLenConstraint := null)
Configure the Basic Constraints V3 extension
- ca
-
abstract This ca(PrivKey caPrivKey, Cert caCert)
Configure the CA private key and public certificate. If this method is not called, then a self-signed certificate will be generated.
- extendedKeyUsage
-
abstract This extendedKeyUsage(List<Str> oids)
Configure the Extended Key Usage V3 extension.
- keyUsage
-
abstract This keyUsage(Buf bits)
Configure the Key Usage V3 extension
- notAfter
-
abstract This notAfter(Date date)
Configure the end date for the certificate validity period. The default value is 365 days from today.
- notBefore
-
abstract This notBefore(Date date)
Configure the start date for the certificate valdity period. The default value is today.
- sign
-
abstract Cert sign()
Generate the signed certificate based on the current configuration.
- signWith
-
abstract This signWith(Map<Str,Obj> opts)
Configure the signature algorithm to sign the certificate with. This map is configured the same as a
Crypto.genCsr
. By default, an implementation should choose a "strong" signing algorithm. - subjectAltName
-
abstract This subjectAltName(Obj name)
Add a Subject Alternative Name to the certificate. This method may be called multiple times to add different SANs. The
name
may be one of the following types:Str
: a DNS nameUri
: a Uniform Resource Identifier nameIpAddr
: an IP address name
- subjectKeyId
-
abstract This subjectKeyId(Buf buf)
Configure the Subject Key Identifier V3 extenstion