cfssl: github.com/cloudflare/cfssl/initca Index | Files

package initca

import "github.com/cloudflare/cfssl/initca"

Package initca contains code to initialise a certificate authority, generating a new root key and certificate.

Index

Package Files

initca.go

Variables

var CAPolicy = func() *config.Signing {
    return &config.Signing{
        Default: &config.SigningProfile{
            Usage:        []string{"cert sign", "crl sign"},
            ExpiryString: "43800h",
            Expiry:       5 * helpers.OneYear,
            CAConstraint: config.CAConstraint{IsCA: true},
        },
    }
}

CAPolicy contains the CA issuing policy as default policy.

func New Uses

func New(req *csr.CertificateRequest) (cert, csrPEM, key []byte, err error)

New creates a new root certificate from the certificate request.

func NewFromPEM Uses

func NewFromPEM(req *csr.CertificateRequest, keyFile string) (cert, csrPEM []byte, err error)

NewFromPEM creates a new root certificate from the key file passed in.

func NewFromSigner Uses

func NewFromSigner(req *csr.CertificateRequest, priv crypto.Signer) (cert, csrPEM []byte, err error)

NewFromSigner creates a new root certificate from a crypto.Signer.

func RenewFromPEM Uses

func RenewFromPEM(caFile, keyFile string) ([]byte, error)

RenewFromPEM re-creates a root certificate from the CA cert and key files. The resulting root certificate will have the input CA certificate as the template and have the same expiry length. E.g. the existing CA is valid for a year from Jan 01 2015 to Jan 01 2016, the renewed certificate will be valid from now and expire in one year as well.

func RenewFromSigner Uses

func RenewFromSigner(ca *x509.Certificate, priv crypto.Signer) ([]byte, error)

RenewFromSigner re-creates a root certificate from the CA cert and crypto.Signer. The resulting root certificate will have ca certificate as the template and have the same expiry length. E.g. the existing CA is valid for a year from Jan 01 2015 to Jan 01 2016, the renewed certificate will be valid from now and expire in one year as well.

func Update Uses

func Update(ca *x509.Certificate, priv crypto.Signer) (cert []byte, err error)

Update copies the CA certificate, updates the NotBefore and NotAfter fields, and then re-signs the certificate.

Package initca imports 15 packages (graph) and is imported by 305 packages. Updated 2020-09-17. Refresh now. Tools for package owners.