Documentation ¶
Overview ¶
Package initca contains code to initialise a certificate authority, generating a new root key and certificate.
Index ¶
- Variables
- func New(req *csr.CertificateRequest) (cert, csrPEM, key []byte, err error)
- func NewFromPEM(req *csr.CertificateRequest, keyFile string) (cert, csrPEM []byte, err error)
- func NewFromSigner(req *csr.CertificateRequest, priv crypto.Signer) (cert, csrPEM []byte, err error)
- func RenewFromPEM(caFile, keyFile string) ([]byte, error)
- func RenewFromSigner(ca *x509.Certificate, priv crypto.Signer) ([]byte, error)
- func Update(ca *x509.Certificate, priv crypto.Signer) (cert []byte, err error)
Constants ¶
This section is empty.
Variables ¶
var CAPolicy = func() *config.Signing { return &config.Signing{ Default: &config.SigningProfile{ Usage: []string{"cert sign", "crl sign"}, ExpiryString: "43800h", Expiry: 5 * helpers.OneYear, CAConstraint: config.CAConstraint{IsCA: true}, }, } }
CAPolicy contains the CA issuing policy as default policy.
Functions ¶
func New ¶
func New(req *csr.CertificateRequest) (cert, csrPEM, key []byte, err error)
New creates a new root certificate from the certificate request.
func NewFromPEM ¶
func NewFromPEM(req *csr.CertificateRequest, keyFile string) (cert, csrPEM []byte, err error)
NewFromPEM creates a new root certificate from the key file passed in.
func NewFromSigner ¶
func NewFromSigner(req *csr.CertificateRequest, priv crypto.Signer) (cert, csrPEM []byte, err error)
NewFromSigner creates a new root certificate from a crypto.Signer.
func RenewFromPEM ¶
RenewFromPEM re-creates a root certificate from the CA cert and key files. The resulting root certificate will have the input CA certificate as the template and have the same expiry length. E.g. the exsiting CA is valid for a year from Jan 01 2015 to Jan 01 2016, the renewed certificate will be valid from now and expire in one year as well.
func RenewFromSigner ¶
RenewFromSigner re-creates a root certificate from the CA cert and crypto.Signer. The resulting root certificate will have ca certificate as the template and have the same expiry length. E.g. the exsiting CA is valid for a year from Jan 01 2015 to Jan 01 2016, the renewed certificate will be valid from now and expire in one year as well.
Types ¶
This section is empty.