package initca

import "github.com/cloudflare/cfssl/initca"

Package initca contains code to initialise a certificate authority, generating a new root key and certificate.

Variables

var CAPolicy = func() *config.Signing {
	return &config.Signing{
		Default: &config.SigningProfile{
			Usage:        []string{"cert sign", "crl sign"},
			ExpiryString: "43800h",
			Expiry:       5 * helpers.OneYear,
			CAConstraint: config.CAConstraint{IsCA: true},
		},
	}
}

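CAPolicy returns the default CA issuing policy: a single default profile with the "cert sign" and "crl sign" usages, a five-year expiry (43800h), and the CA constraint set.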

Functions

func New

func New(req *csr.CertificateRequest) (cert, csrPEM, key []byte, err error)

New creates a new root certificate from the certificate request.

func NewFromPEM

func NewFromPEM(req *csr.CertificateRequest, keyFile string) (cert, csrPEM []byte, err error)

NewFromPEM creates a new root certificate from the key file passed in.

func NewFromSigner

func NewFromSigner(req *csr.CertificateRequest, priv crypto.Signer) (cert, csrPEM []byte, err error)

NewFromSigner creates a new root certificate from a crypto.Signer.

func RenewFromPEM

func RenewFromPEM(caFile, keyFile string) ([]byte, error)

RenewFromPEM re-creates a root certificate from the CA cert and key files. The resulting root certificate uses the input CA certificate as the template and has the same expiry length. For example, if the existing CA is valid for a year from Jan 01 2015 to Jan 01 2016, the renewed certificate will be valid from now and will also expire in one year.

func RenewFromSigner

func RenewFromSigner(ca *x509.Certificate, priv crypto.Signer) ([]byte, error)

RenewFromSigner re-creates a root certificate from the CA cert and crypto.Signer. The resulting root certificate uses the ca certificate as the template and has the same expiry length. For example, if the existing CA is valid for a year from Jan 01 2015 to Jan 01 2016, the renewed certificate will be valid from now and will also expire in one year.

func Update

func Update(ca *x509.Certificate, priv crypto.Signer) (cert []byte, err error)

Update copies the CA certificate, updates the NotBefore and NotAfter fields, and then re-signs the certificate.
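
The renewal behaviour documented for RenewFromPEM, RenewFromSigner and Update, sketched with only the Go standard library. This is an added example, not cfssl's implementation; renewAt, demo and the certificate values are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// renewAt re-signs a copy of tpl whose validity keeps its length but starts at from.
func renewAt(tpl *x509.Certificate, priv crypto.Signer, from time.Time) (*x509.Certificate, error) {
	c := *tpl // subject, usages, CA constraint and serial carry over
	c.NotBefore, c.NotAfter = from, from.Add(tpl.NotAfter.Sub(tpl.NotBefore))
	der, err := x509.CreateCertificate(rand.Reader, &c, &c, priv.Public(), priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// demo renews a constructed one-year root that is already 300 days old.
func demo() (old, fresh *x509.Certificate, err error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Example Root CA"}, // constructed name
		NotAfter:     time.Time{}.Add(365 * 24 * time.Hour),    // only the length is used
		KeyUsage:     x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		IsCA:         true, BasicConstraintsValid: true,
	}
	if old, err = renewAt(tpl, key, time.Now().Add(-300*24*time.Hour)); err == nil {
		fresh, err = renewAt(old, key, time.Now())
	}
	return old, fresh, err
}

func main() {
	old, fresh, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("expiry before:", old.NotAfter, "after:", fresh.NotAfter)
}
```

In this sketch the key, subject and serial number are unchanged, so a signature made under the old root still verifies against the renewed certificate. Renewal extends the validity window; it does not rotate the key.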

Source Files

initca.go

Version
v1.6.5 (latest)
Published
Mar 5, 2024
Platform
linux/amd64
Imports
17 packages