BasicConstraints generates a function that modifies the BasicConstraintsValid, IsCA, MaxPathLen, and MaxPathLenZero fields of a CertTemplate.

CommonName generates a function that modifies the CommonName value of a certificate name struct.

Country generates a function that modifies the Country value of a certificate name struct.

CRLSign generates a function that modifies the KeyUsage bitmap value of a CertTemplate.

ExtKeyUsage overwrites the extended key usage slice of a CertTemplate.

FromCert generates a CertTemplate from a x509 certificate.

FromCSR generates a CertTemplate from a x509 certificate signing request.

GenerateKeyPair returns a Profile modifier that generates a public/private key pair for a profile.

Hosts generates a function that modifies the IPAddresses and DNSNames values of a certificate.

Issuer generates a function that modifies the Issuer value of a CertTemplate.

LoadCSRFromBytes loads a CSR given the ASN.1 DER format.

LoadIdentityFromDisk load a public certificate and private key (both in PEM format) from disk.

Locality generates a function that modifies the Country value of a certificate name struct.

MergeASN1DN fills empty fields of a pkix.Name with default ASN1DN settings.

NewCertTemplate generates and returns a new CertTemplate struct.

NewIdentity returns a new Identity.

NewIntermediateProfile returns a new intermediate x509 Certificate profile.

NewLeafProfile returns a new leaf x509 Certificate profile.

NewLeafProfileWithCSR returns a new leaf x509 Certificate Profile with Subject Certificate fields populated directly from the CSR.

NewLeafProfileWithTemplate returns a new leaf x509 Certificate Profile with Subject Certificate set to the value of the template argument.

NewPkixName generates a new PkixName struct.

NewRootProfile returns a new root x509 Certificate profile.

NewRootProfileWithTemplate returns a new root x509 Certificate profile.

NotBeforeAfter generates a function that modifies the NotBefore and NotAfter values of a certificate.

Now is a helper function that returns the current time with the location set to UTC.

Organization generates a function that modifies the Organization value of a certificate name struct.

ReadCertPool loads a certificate pool from disk.

SerialNumber generates a function that modifies the SerialNumber value of a CertTemplate.

Subject generates a function that modifies the Subject value of a CertTemplate.

WithHosts returns a Profile modifier which sets the DNS Names and IP Addresses that will be bound to the subject Certificate.

WithIssuer returns a Profile modifier that sets the Subject for a x509 Certificate.

WithNotBeforeAfter returns a Profile modifier that sets the `NotBefore` and `NotAfter` attributes of the subject x509 Certificate.

WithPublicKey returns a Profile modifier that sets the public key for a profile.

WithSubject returns a Profile modifier that sets the Subject for a x509 Certificate.

WriteCertificate encodes a x509 Certificate to a file on disk in PEM format.

ApprovedTLSCipherSuites smallstep approved ciphersuites.

DefaultCertValidity is the minimum validity of an end-entity (not root or intermediate) certificate.

DefaultIntermediateCertValidity is the default validity of a root certificate in the step PKI.

DefaultRootCertValidity is the default validity of a root certificate in the step PKI.

DefaultTLSCipherSuites specifies default step ciphersuite(s).

DefaultTLSMaxVersion default maximum version of TLS.

DefaultTLSMinVersion default minimum version of TLS.

Never regnegotiate.

ASN1DN contains ASN1.DN attributes that are used in Subject and Issuer x509 Certificate blocks.

Identity contains a public/private x509 certificate/key pair.

Intermediate implements the Profile for a intermediate certificate.

Leaf implements the Profile for a leaf certificate.

PkixNameBuilder for organizing pkix fields.

Root implements the Profile for a root certificate.

Profile is an interface that certificate profiles (e.g.

CertTemplate allows us to add our own methods to x509.Certificate.

CipherSuites represents an array of string codes representing the cipher suites.

PkixName allows us to add our own methods to pkix.Name.

TLSVersion represents a TLS version number.

WithOption is a modifier function on base.