Certificate Authority operations
The abstract type of a (self-signed) PKCS 10 certification request, with encoding and decoding to PEM.
type request_extensions = [
  | `Password of string
  | `Name of string
  | `Extensions of (bool * Extension.t) list
]
The polymorphic variant of certificate request extensions, as defined in PKCS 9 (RFC 2985).
type request_info = {
  subject : distinguished_name;
  public_key : public_key;
  extensions : request_extensions list;
}
The raw request info of a PKCS 10 certification request.
val info : signing_request -> request_info
info signing_request is request_info, the information inside the signing_request.
val request :
  distinguished_name ->
  ?digest:Nocrypto.Hash.hash ->
  ?extensions:request_extensions list ->
  private_key ->
  signing_request
request subject ~digest ~extensions private creates signing_request, a certification request using the given subject, digest (defaults to `SHA256) and list of extensions.
val sign :
  signing_request ->
  valid_from:Ptime.t ->
  valid_until:Ptime.t ->
  ?digest:Nocrypto.Hash.hash ->
  ?serial:Z.t ->
  ?extensions:(bool * Extension.t) list ->
  private_key ->
  distinguished_name ->
  t
sign signing_request ~digest ~valid_from ~valid_until ~serial ~extensions private issuer creates certificate, a signed certificate. The public key and subject are taken from the signing_request, and the extensions are added to the X.509 certificate. The private key is used to sign the certificate, and the issuer is recorded in the certificate. The digest defaults to `SHA256. The serial defaults to a random value between 1 and 2^64. The certificate version is always 3. Please note that the extensions in the signing_request are ignored; you can pass them using:
(* csr is the signing_request whose requested extensions are extracted *)
match
  try Some (List.find (function `Extensions _ -> true | _ -> false) (info csr).extensions)
  with Not_found -> None
with
| Some (`Extensions x) -> x
| _ -> []
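Because sign ignores the extensions in the request, whatever is passed as ~extensions is the CA's decision; copying the requested list verbatim lets the requester choose what the certificate asserts. The following added example (not part of the library or its documentation) filters the requested extensions through an allow-list before signing. The Extension.t constructors are not shown on this page and are assumed from the nocrypto-era x509 release; leaf_allowed, requested and sign_leaf are hypothetical names.

```ocaml
(* Added example: allow-list the extensions requested in a CSR before
   they reach CA.sign. Assumes the nocrypto-era x509 API documented
   above; the Extension.t constructors used here are not on this page. *)
open X509

(* Extensions this CA is willing to copy into a leaf certificate.
   Anything not listed is dropped, including `Unsupported ones. *)
let leaf_allowed : Extension.t -> bool = function
  | `Basic_constraints (is_ca, _) ->
    (* never let a requester mark its own certificate as a CA *)
    not is_ca
  | `Key_usage usages ->
    (* refuse usages that allow signing certificates or CRLs *)
    not (List.exists
           (function `Key_cert_sign | `CRL_sign -> true | _ -> false)
           usages)
  | `Ext_key_usage kinds ->
    (* only TLS server/client authentication; rejects `Any *)
    List.for_all
      (function `Server_auth | `Client_auth -> true | _ -> false)
      kinds
  | `Subject_alt_name _ ->
    (* assumption: the names are validated against the requester's
       identity elsewhere, before signing *)
    true
  | _ -> false

(* All (critical, extension) pairs from every `Extensions attribute
   of the request; `Password and `Name attributes are skipped. *)
let requested csr =
  List.concat
    (List.map
       (function `Extensions xs -> xs | _ -> [])
       (CA.info csr).CA.extensions)

(* Sign a leaf certificate, keeping only allow-listed extensions.
   ca_key : private_key, ca_name : distinguished_name (the issuer). *)
let sign_leaf ~ca_key ~ca_name ~valid_from ~valid_until csr =
  let extensions =
    List.filter (fun (_critical, ext) -> leaf_allowed ext) (requested csr)
  in
  CA.sign csr ~valid_from ~valid_until ~extensions ca_key ca_name
```

The criticality flag of each kept extension is passed through unchanged; a CA that wants fixed values can drop the requested `Basic_constraints and `Key_usage entirely and append its own.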