Pike v8.1 release 6

Method Standards.X509.make_selfsigned_certificate()


Method make_selfsigned_certificate

string make_selfsigned_certificate(Crypto.Sign.State c, int ttl, mapping|array name, mapping(Identifier:Sequence)|void extensions, void|Crypto.Hash h, void|int serial)

Description

Creates a selfsigned certificate, i.e. where issuer and subject are the same entity. This entity is derived from the list of pairs in name, which is encoded into an distinguished_name by Standards.PKCS.Certificate.build_distinguished_name.

Parameter c

The public key cipher used for the certificate, Crypto.RSA, Crypto.DSA or Crypto.ECC.Curve.ECDSA. The object should be initialized with both public and private keys.

Parameter ttl

The validity of the certificate, in seconds, starting from creation date.

Parameter name

List of properties to create distinguished name from.

Parameter extensions

Mapping with extensions as ASN.1 structures, as produced by make_extension. The extensions subjectKeyIdentifier, keyUsage (flagged critical) and basicConstraints (flagged critical) will automatically be added if not present.

Parameter h

The hash function to use for the certificate. Must be one of the standardized PKCS hashes to be used with the given Crypto. By default Crypto.SHA256 is selected for both RSA and DSA.

Parameter serial

Serial number of the certificate. Defaults to generating a UUID version1 value with random node. Some browsers will refuse different certificates from the same signer with the same serial number.

See also

sign_key(), sign_tbs()