X509 v0.2.0 X509.Certificate

Module for issuing and working with X.509 certificates.

For conversion to and from PEM or DER format, use the generic functions in the X509 module.

Summary

Types

t()

:Certificate record, as used in Erlang’s :public_key module

Functions

Looks up the value of a specific extension in a certificate

Returns the list of extensions included in a certificate

Attempts to parse a certificate in DER (binary) format

Attempts to parse a certificate in PEM format

Returns the Issuer field of a certificate

Returns the public key embedded in a certificate

Generates a new self-signed certificate

Returns the Subject field of a certificate

Converts a certificate to DER (binary) format

Converts a certificate to PEM format

Returns the Validity of a certificate

Types

:Certificate record, as used in Erlang’s :public_key module

Functions

Looks up the value of a specific extension in a certificate.

The desired extension can be specified as an atom or an OID value. Returns nil if the specified extension is not present in the certificate.

Returns the list of extensions included in a certificate.

from_der(der, type \\ :OTPCertificate)
from_der(binary(), :OTPCertificate | :Certificate) :: t() | no_return()

Attempts to parse a certificate in DER (binary) format.

The optional second parameter specifies the record type to be returned: :OTPCertificate (default) or :Certificate.

Raises MatchError when the DER certificate cannot be parsed.

from_pem(pem, type \\ :OTPCertificate)
from_pem(String.t(), :OTPCertificate | :Certificate) :: t() | nil

Attempts to parse a certificate in PEM format.

The optional second parameter specifies the record type to be returned: :OTPCertificate (default) or :Certificate.

If the data cannot be parsed as a certificate, nil is returned.
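
The two parsers fail differently (from_pem/2 returns nil, from_der/2 raises), which matters when the input is untrusted. The following added example, which is not part of the library documentation, wraps both in a hypothetical SafeCert module that returns tagged tuples; X509.PrivateKey.new_ec/1 is assumed from the same library, and the subject name and bad inputs are constructed.

```elixir
# Hypothetical wrapper (not part of the X509 library): turns the two documented
# failure modes into tagged tuples, so code handling untrusted input never
# sees a bare nil or an unhandled exception.
defmodule SafeCert do
  def from_pem(pem) when is_binary(pem) do
    case X509.Certificate.from_pem(pem) do
      nil -> {:error, :not_a_pem_certificate}
      cert -> {:ok, cert}
    end
  rescue
    # Assumption: a PEM block wrapping malformed DER may raise like from_der/2,
    # so the same exception is handled here as well.
    MatchError -> {:error, :malformed_certificate}
  end

  def from_der(der) when is_binary(der) do
    {:ok, X509.Certificate.from_der(der)}
  rescue
    # Documented behaviour: MatchError when the DER cannot be parsed.
    MatchError -> {:error, :malformed_certificate}
  end
end

# Constructed test certificate, generated locally so the example runs offline.
key = X509.PrivateKey.new_ec(:secp256r1)
cert = X509.Certificate.self_signed(key, "/C=US/O=Example Corp/CN=parse-test")

# Well-formed input parses in both encodings.
{:ok, _} = cert |> X509.Certificate.to_pem() |> SafeCert.from_pem()
{:ok, _} = cert |> X509.Certificate.to_der() |> SafeCert.from_der()

# Constructed bad input: no PEM block at all, and bytes that are not DER.
{:error, :not_a_pem_certificate} = SafeCert.from_pem("no PEM block here")
{:error, :malformed_certificate} = SafeCert.from_der(<<0, 1, 2, 3>>)
```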

Returns the Issuer field of a certificate.

new(public_key, subject_rdn, issuer, issuer_key, opts \\ [])

Issues a new certificate.

The public key can be an RSA key or an EC key (which results in an ECDSA certificate).

The Subject can be specified as a string, to be parsed by X509.RDNSequence.new/1, or a custom RDN sequence tuple.

The next parameters are the issuing certificate and the associated private key (RSA or EC). The Issuer field of the new certificate is taken from the issuing certificate’s Subject.

Options:

  • :template - an X509.Certificate.Template struct, or an atom selecting a built-in template (default: :server)
  • :hash - the hashing algorithm to use when signing the certificate (default: from template)
  • :serial - the certificate’s serial number (default: from template, where it will typically be set to nil, resulting in a random value)
  • :validity - an integer specifying the certificate’s validity in days, or an X509.Certificate.Validity record defining the ‘not before’ and ‘not after’ timestamps (default: from template)
  • :extensions - a keyword list of extension names and values, to be merged with the extensions defined in the template; refer to the X509.Certificate.Template documentation for details

public_key(arg)
public_key(t()) :: X509.PublicKey.t()

Returns the public key embedded in a certificate.

self_signed(private_key, subject_rdn, opts \\ [])
self_signed(X509.PrivateKey.t(), String.t() | X509.RDNSequence.t(), Keyword.t()) ::
  t()

Generates a new self-signed certificate.

The private key is used both to sign and to extract the public key to be embedded in the certificate. It can be an RSA key or an EC key (which results in an ECDSA certificate).

The Subject can be specified as a string, to be parsed by X509.RDNSequence.new/1, or a custom RDN sequence tuple. The same value is used in the Issuer field as well.

Options:

  • :template - an X509.Certificate.Template struct, or an atom selecting a built-in template (default: :server)
  • :hash - the hashing algorithm to use when signing the certificate (default: from template)
  • :serial - the certificate’s serial number (default: from template, where it will typically be set to nil, resulting in a random value)
  • :validity - an integer specifying the certificate’s validity in days, or an X509.Certificate.Validity record defining the ‘not before’ and ‘not after’ timestamps (default: from template)
  • :extensions - a keyword list of extension names and values, to be merged with the extensions defined in the template; refer to the X509.Certificate.Template documentation for details
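
How self_signed/3 and new/5 fit together when building a small CA hierarchy, as an added example that is not part of the library documentation. It assumes X509.PrivateKey.new_ec/1, X509.PublicKey.derive/1 and the built-in :root_ca template from the same library (none of them documented on this page); subject names and validity periods are constructed.

```elixir
# 1. Root CA: self-signed, so the same value lands in Subject and Issuer.
ca_key = X509.PrivateKey.new_ec(:secp256r1)

ca =
  X509.Certificate.self_signed(
    ca_key,
    "/C=US/O=Example Corp/CN=Example Root CA",
    template: :root_ca,
    validity: 3650
  )

true = X509.Certificate.subject(ca) == X509.Certificate.issuer(ca)

# 2. Leaf: only the public half of the leaf key is handed to the issuer.
#    The CA's private key signs; the leaf's private key never leaves its owner.
leaf_key = X509.PrivateKey.new_ec(:secp256r1)

leaf =
  leaf_key
  |> X509.PublicKey.derive()
  |> X509.Certificate.new(
    "/C=US/O=Example Corp/CN=app.example.test",
    ca,
    ca_key,
    template: :server,
    validity: 90
  )

# 3. Checks a relying party would make on the result.
# The leaf's Issuer is taken from the issuing certificate's Subject.
true = X509.Certificate.issuer(leaf) == X509.Certificate.subject(ca)

# The leaf's signature verifies under the CA's public key (Erlang :public_key).
ca_pub = X509.Certificate.public_key(ca)
true = :public_key.pkix_verify(X509.Certificate.to_der(leaf), ca_pub)

# A self-signed certificate verifies under its own embedded key.
true = :public_key.pkix_verify(X509.Certificate.to_der(ca), ca_pub)
```

A passing pkix_verify/2 only shows the signature is valid; validity period and extension checks are separate steps of path validation.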

Returns the Subject field of a certificate.

to_der(certificate)
to_der(t()) :: binary()

Converts a certificate to DER (binary) format.

to_pem(certificate)
to_pem(t()) :: String.t()

Converts a certificate to PEM format.

Returns the Validity of a certificate.