X509 v0.2.0 X509.Certificate
Module for issuing and working with X.509 certificates.
For conversion to and from PEM or DER format, use the generic functions in the X509 module.
Summary
Functions
Looks up the value of a specific extension in a certificate
Returns the list of extensions included in a certificate
Attempts to parse a certificate in DER (binary) format
Attempts to parse a certificate in PEM format
Returns the Issuer field of a certificate
Issues a new certificate
Returns the public key embedded in a certificate
Generates a new self-signed certificate
Returns the Subject field of a certificate
Converts a certificate to DER (binary) format
Converts a certificate to PEM format
Returns the Validity of a certificate
Types
:Certificate record, as used in Erlang’s :public_key module
Functions
extension(t(), X509.Certificate.Extension.extension_id() | :public_key.oid()) :: X509.Certificate.Extension.t() | nil
Looks up the value of a specific extension in a certificate.
The desired extension can be specified as an atom or an OID value. Returns nil if the specified extension is not present in the certificate.
extensions(t()) :: [X509.Certificate.Extension.t()]
Returns the list of extensions included in a certificate.
Attempts to parse a certificate in DER (binary) format.
The optional second parameter specifies the record type to be returned: :OTPCertificate (default) or :Certificate.
Raises MatchError when the DER certificate cannot be parsed.
Attempts to parse a certificate in PEM format.
The optional second parameter specifies the record type to be returned: :OTPCertificate (default) or :Certificate.
If the data cannot be parsed as a certificate, nil is returned.
Returns the Issuer field of a certificate.
new( X509.PublicKey.t(), String.t() | X509.RDNSequence.t(), t(), X509.PrivateKey.t(), Keyword.t() ) :: t()
Issues a new certificate.
The public key can be an RSA key or an EC key (which results in an ECDSA certificate).
The Subject can be specified as a string, to be parsed by X509.RDNSequence.new/1, or a custom RDN sequence tuple.
The next parameters are the issuing certificate and the associated private key (RSA or EC). The Issuer field of the new certificate is taken from the issuing certificate’s Subject.
Options:
:template - an X509.Certificate.Template struct, or an atom selecting a built-in template (default: :server)
:hash - the hashing algorithm to use when signing the certificate (default: from template)
:serial - the certificate’s serial number (default: from template, where it will typically be set to nil, resulting in a random value)
:validity - an integer specifying the certificate’s validity in days, or an X509.Certificate.Validity record defining the ‘not before’ and ‘not after’ timestamps (default: from template)
:extensions - a keyword list of extension names and values, to be merged with the extensions defined in the template; refer to the X509.Certificate.Template documentation for details
Returns the public key embedded in a certificate.
self_signed(X509.PrivateKey.t(), String.t() | X509.RDNSequence.t(), Keyword.t()) :: t()
Generates a new self-signed certificate.
The private key is used both to sign and to extract the public key to be embedded in the certificate. It can be an RSA key or an EC key (which results in an ECDSA certificate).
The Subject can be specified as a string, to be parsed by X509.RDNSequence.new/1, or a custom RDN sequence tuple. The same value is used in the Issuer field as well.
Options:
:template - an X509.Certificate.Template struct, or an atom selecting a built-in template (default: :server)
:hash - the hashing algorithm to use when signing the certificate (default: from template)
:serial - the certificate’s serial number (default: from template, where it will typically be set to nil, resulting in a random value)
:validity - an integer specifying the certificate’s validity in days, or an X509.Certificate.Validity record defining the ‘not before’ and ‘not after’ timestamps (default: from template)
:extensions - a keyword list of extension names and values, to be merged with the extensions defined in the template; refer to the X509.Certificate.Template documentation for details
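The issuing flow described for self_signed/3 and new/5, written out as an added example (not code from the X509 project's documentation): a self-signed root signs a server certificate, and the result is checked with OTP's :public_key path validation. X509.PrivateKey.new_ec/1, X509.PublicKey.derive/1, X509.Certificate.Extension.subject_alt_name/1, the :root_ca template name and the to_der/1 function name are assumptions drawn from the library's other modules, and the subject names are constructed.

```elixir
# Added example. Helper names outside X509.Certificate are assumptions
# (see the lead-in); subjects and host names are constructed sample values.

# 1. Root CA: the private key both signs the certificate and supplies the
#    embedded public key. Subject and Issuer are the same RDN sequence.
ca_key = X509.PrivateKey.new_ec(:secp256r1)

ca_cert =
  X509.Certificate.self_signed(ca_key, "/C=US/O=Example Corp/CN=Example Root CA",
    template: :root_ca,
    validity: 3650
  )

# 2. Leaf: new/5 only needs the subject's *public* key, so the leaf's
#    private key never has to be handed to the issuer.
leaf_key = X509.PrivateKey.new_ec(:secp256r1)

leaf_cert =
  leaf_key
  |> X509.PublicKey.derive()
  |> X509.Certificate.new("/C=US/O=Example Corp/CN=www.example.org", ca_cert, ca_key,
    template: :server,
    validity: 90,
    # Merged with the extensions the :server template already defines.
    extensions: [
      subject_alt_name: X509.Certificate.Extension.subject_alt_name(["www.example.org"])
    ]
  )

# 3. The leaf's Issuer is taken from the issuing certificate's Subject.
true = X509.Certificate.issuer(leaf_cert) == X509.Certificate.subject(ca_cert)

# 4. extension/2 returns nil when an extension is absent, so a nil check
#    catches a template that silently dropped the SAN.
if X509.Certificate.extension(leaf_cert, :subject_alt_name) == nil do
  raise "issued certificate has no subjectAltName extension"
end

# 5. Confirm the signature chain, validity period and extensions with OTP
#    before deploying the certificate. A failure surfaces as
#    {:error, {:bad_cert, reason}} and raises MatchError here.
{:ok, _} =
  :public_key.pkix_path_validation(
    X509.Certificate.to_der(ca_cert),
    [X509.Certificate.to_der(leaf_cert)],
    []
  )
```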
Returns the Subject field of a certificate.
Converts a certificate to DER (binary) format.
Converts a certificate to PEM format.
Returns the Validity of a certificate.