initca

package
v1.6.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 2, 2022 License: BSD-2-Clause Imports: 15 Imported by: 0

Documentation

Overview

Package initca contains code to initialise a certificate authority, generating a new root key and certificate.

Index

Constants

This section is empty.

Variables

View Source
var CAPolicy = func() *config.Signing {
	return &config.Signing{
		Default: &config.SigningProfile{
			Usage:        []string{"cert sign", "crl sign"},
			ExpiryString: "43800h",
			Expiry:       5 * helpers.OneYear,
			CAConstraint: config.CAConstraint{IsCA: true},
		},
	}
}

CAPolicy contains the CA issuing policy as default policy.

Functions

func New

func New(req *csr.CertificateRequest) (cert, csrPEM, key []byte, err error)

New creates a new root certificate from the certificate request.

func NewFromPEM

func NewFromPEM(req *csr.CertificateRequest, keyFile string) (cert, csrPEM []byte, err error)

NewFromPEM creates a new root certificate from the key file passed in.

func NewFromSigner

func NewFromSigner(req *csr.CertificateRequest, priv crypto.Signer) (cert, csrPEM []byte, err error)

NewFromSigner creates a new root certificate from a crypto.Signer.

func RenewFromPEM

func RenewFromPEM(caFile, keyFile string) ([]byte, error)

RenewFromPEM re-creates a root certificate from the CA cert and key files. The resulting root certificate will have the input CA certificate as the template and have the same expiry length. E.g. the existing CA is valid for a year from Jan 01 2015 to Jan 01 2016, the renewed certificate will be valid from now and expire in one year as well.

func RenewFromSigner

func RenewFromSigner(ca *x509.Certificate, priv crypto.Signer) ([]byte, error)

RenewFromSigner re-creates a root certificate from the CA cert and crypto.Signer. The resulting root certificate will have ca certificate as the template and have the same expiry length. E.g. the existing CA is valid for a year from Jan 01 2015 to Jan 01 2016, the renewed certificate will be valid from now and expire in one year as well.

func Update

func Update(ca *x509.Certificate, priv crypto.Signer) (cert []byte, err error)

Update copies the CA certificate, updates the NotBefore and NotAfter fields, and then re-signs the certificate.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL