Struct X509Builder 

pub struct X509Builder { /* private fields */ }

Builder for a new X.509 certificate.

let mut name = X509NameOwned::new()?;
name.add_entry_by_txt(c"CN", b"example.com")?;

let cert = X509Builder::new()?
    .set_version(2)?                    // X.509v3
    .set_serial_number(1)?
    .set_not_before_offset(0)?          // valid from now
    .set_not_after_offset(365 * 86400)? // valid for 1 year
    .set_subject_name(&name)?
    .set_issuer_name(&name)?            // self-signed
    .set_public_key(&pub_key)?
    .sign(&priv_key, None)?             // None → no digest (Ed25519)
    .build();

Implementations

impl X509Builder

pub fn new() -> Result<Self, ErrorStack>

Allocate a new, empty X509 structure.

Errors

pub fn set_version(self, version: i64) -> Result<Self, ErrorStack>

Set the X.509 version (0 = v1, 1 = v2, 2 = v3).

Errors

pub fn set_serial_number(self, n: i64) -> Result<Self, ErrorStack>

Set the serial number.

Errors

pub fn set_not_before_offset(self, offset_secs: i64) -> Result<Self, ErrorStack>

Set notBefore to now + offset_secs.

Errors

pub fn set_not_after_offset(self, offset_secs: i64) -> Result<Self, ErrorStack>

Set notAfter to now + offset_secs.

Errors

pub fn set_subject_name(self, name: &X509NameOwned) -> Result<Self, ErrorStack>

Set the subject distinguished name.

Errors

pub fn set_issuer_name(self, name: &X509NameOwned) -> Result<Self, ErrorStack>

Set the issuer distinguished name.

Errors

pub fn set_public_key<T: HasPublic>( self, key: &Pkey<T>, ) -> Result<Self, ErrorStack>

Set the public key.

Errors

pub fn sign( self, key: &Pkey<Private>, digest: Option<&DigestAlg>, ) -> Result<Self, ErrorStack>

Sign the certificate.

Pass digest = None for one-shot algorithms such as Ed25519. For ECDSA or RSA, pass the appropriate digest (e.g. SHA-256).

Errors

pub fn build(self) -> X509

Finalise and return the certificate.

Trait Implementations

impl Drop for X509Builder

fn drop(&mut self)

Executes the destructor for this type.