Documentation ¶
Overview ¶
Package cert provides RSA Key API management for crypto/x509 certificates.
This package makes it easy to generate certificates, and to load them from files, for use by Go applications.
When certificates are generated (including by signing a CSR), the files are saved under $CAPATH by default. For details on $CAPATH, see the GoCA documentation.
Index ¶
- Constants
- Variables
- func CASignCSR(CACommonName string, csr *x509.CertificateRequest, caCert *x509.Certificate, ...) (certDer []byte, err error)
- func ConvertCRLFromDerToPem(crlDer []byte) (crlPem []byte, err error)
- func ConvertCSRFromDerToPem(csrDer []byte) (csrPem []byte, err error)
- func ConvertCertificateFromDerToPem(certDer []byte) (certPem []byte, err error)
- func CreateCACert(...) (certDer []byte, err error)
- func CreateCSR(...) (csrDer []byte, err error)
- func CreateRootCert(...) (certDer []byte, err error)
- func LoadCRLFromPem(crlPem []byte) (*pkix.CertificateList, error)
- func LoadCSRFromPem(csrPem []byte) (*x509.CertificateRequest, error)
- func LoadCertFromPem(certString []byte) (*x509.Certificate, error)
- func RevokeCertificate(CACommonName string, certificateList []pkix.RevokedCertificate, ...) (crlDer []byte, err error)
Constants ¶
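// Validity bounds for issued certificates, expressed in days.
// NOTE(review): this listing shows only the values; whether the signing and
// creation functions reject a validity outside MinValidCert..MaxValidCert is
// not visible here — confirm against the implementation.
const (
	// MinValidCert is the minimal valid time: 1 day.
	MinValidCert int = 1
	// MaxValidCert is the maximum valid time: 3650 days.
	MaxValidCert int = 3650
	// DefaultValidCert is the default valid time: 397 days.
	// NOTE(review): presumably chosen to stay under the 398-day lifetime cap
	// that browsers apply to publicly trusted TLS certificates — confirm.
	DefaultValidCert int = 397
)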
Variables ¶
var ErrCertExists = errors.New("certificate already exists")
ErrCertExists means that the requested certificate already exists.
// ErrParentCANotFound is the error value whose message is "parent CA not found".
// NOTE(review): presumably returned when an intermediate CA is requested and
// its parent CA cannot be located — confirm against the callers.
var ErrParentCANotFound = errors.New("parent CA not found")
Functions ¶
func CASignCSR ¶
func CASignCSR(CACommonName string, csr *x509.CertificateRequest, caCert *x509.Certificate, privKey *rsa.PrivateKey, valid int) (certDer []byte, err error)
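CASignCSR signs a Certificate Signing Request and returns the certificate as DER-encoded bytes (certDer). This page does not say whether the CSR's own signature is verified before signing; callers that accept CSRs from other parties can call csr.CheckSignature() first.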
func ConvertCRLFromDerToPem ¶
ConvertCRLFromDerToPem converts a CRL from DER format to PEM format.
func ConvertCSRFromDerToPem ¶
ConvertCSRFromDerToPem converts a CSR from DER format to PEM format.
func ConvertCertificateFromDerToPem ¶
ConvertCertificateFromDerToPem converts a certificate from DER format to PEM format.
func CreateCACert ¶
func CreateCACert( CACommonName, commonName, country, province, locality, organization, organizationalUnit, emailAddresses string, validDays int, dnsNames []string, ipAddresses []net.IP, privateKey, parentPrivateKey *rsa.PrivateKey, parentCertificate *x509.Certificate, publicKey *rsa.PublicKey) (certDer []byte, err error)
CreateCACert creates a CA Certificate
Root certificates are self-signed. When creating a root certificate, leave the parentPrivateKey and parentCertificate parameters as nil. When creating an intermediate CA certificate, provide both parentPrivateKey and parentCertificate.
func CreateCSR ¶
func CreateCSR(CACommonName, commonName, country, province, locality, organization, organizationalUnit, emailAddresses string, dnsNames []string, ipAddresses []net.IP, priv *rsa.PrivateKey) (csrDer []byte, err error)
CreateCSR creates a Certificate Signing Request and returns it. The returned CSR is in DER format.
func CreateRootCert ¶
func CreateRootCert( CACommonName, commonName, country, province, locality, organization, organizationalUnit, emailAddresses string, valid int, dnsNames []string, ipAddresses []net.IP, privateKey *rsa.PrivateKey, publicKey *rsa.PublicKey, ) (certDer []byte, err error)
CreateRootCert creates a Root CA Certificate (self-signed)
func LoadCRLFromPem ¶
func LoadCRLFromPem(crlPem []byte) (*pkix.CertificateList, error)
LoadCRLFromPem loads a Certificate Revocation List from PEM content.
func LoadCSRFromPem ¶
func LoadCSRFromPem(csrPem []byte) (*x509.CertificateRequest, error)
LoadCSRFromPem loads a Certificate Signing Request from PEM content.
func LoadCertFromPem ¶
func LoadCertFromPem(certString []byte) (*x509.Certificate, error)
LoadCertFromPem loads a certificate from PEM content.
func RevokeCertificate ¶
func RevokeCertificate(CACommonName string, certificateList []pkix.RevokedCertificate, caCert *x509.Certificate, privKey *rsa.PrivateKey) (crlDer []byte, err error)
RevokeCertificate revokes a certificate (it is added to the revoked list) and returns the resulting CRL as DER-encoded bytes (crlDer).
Types ¶
This section is empty.