Bits sets the bit size of the RSA key pair.

CommonName sets the common name of the certificate.

DNSNames sets the value for the DNS Names in Subject Alternate Name of the certificate.

ECDSA sets a flag for indicating that the requested operation should be performed under the context of ECDSA instead of the default Ed25519.

ECDSACertificateAuthority creates an ECDSA CA.

ECDSASHA512 sets a flag for indicating that the requested operation should be performed under the context of ECDSA with SHA512 instead of the default Ed25519.

Ed25519CertificateAuthority creates an Ed25519 CA.

ExtKeyUsage sets the ExtKeyUsage* constants.

Hash calculates the SHA-256 hash of the Subject Public Key Information (SPKI) object in an x509 certificate (in DER encoding).

IPAddresses sets the value for the IP addresses in Subject Alternate Name of the certificate.

KeyUsage sets the bitmap of the KeyUsage* constants.

MatchSPKIFingerprints can be injected as tls.Config.VerifyConnection handler to deny connection if peer certificates don't match the fingerprints.

NewCertficateAndKey is the NewCertificateAndKey with a typo in the name.

NewCertificateAndKey generates a new key and certificate signed by a CA.

NewCertificateAndKeyFromCertificateAuthority initializes and returns a PEMEncodedCertificateAndKey from the CertificateAuthority.

NewCertificateAndKeyFromFiles initializes and returns a PEMEncodedCertificateAndKey from the path to a crt and key.

NewCertificateAndKeyFromKeyPair initializes and returns a PEMEncodedCertificateAndKey from the KeyPair.

NewCertificateAuthorityFromCertificateAndKey builds CertificateAuthority from PEMEncodedCertificateAndKey.

NewCertificateFromCSR creates and signs X.509 certificate using the provided CSR.

NewCertificateFromCSRBytes creates a signed certificate using the provided certificate, key, and CSR.

NewCertificateSigningRequest creates a CSR.

NewDefaultOptions initializes the Options struct with default values.

NewECDSACSRAndIdentity generates and PEM encoded certificate and key, along with a CSR for the generated key.

NewECDSAKey generates an ECDSA key pair.

NewEd25519CSRAndIdentity generates and PEM encoded certificate and key, along with a CSR for the generated key.

NewEd25519Key generates an Ed25519 key pair.

NewKeyFromFile loads a PEM-encoded key from a file.

NewKeyPair generates a certificate signed by the provided CA, and a private key.

NewRSACSRAndIdentity generates and PEM encoded certificate and key, along with a CSR for the generated key.

NewRSAKey generates an RSA key pair.

NewSelfSignedCertificateAuthority creates a self-signed CA configured for server and client authentication.

NewSerialNumber generates a random serial number for an X.509 certificate.

NotAfter sets the validity bound describing when a certificate expires.

NotBefore sets the validity bound describing when a certificate becomes valid.

Organization sets the subject organizations of the certificate.

OverrideSubject sets the option to override fields in the certificate subject when signing a CSR.

ParseFingerprint parses string representation of the fingerprint.

RSA sets a flag for indicating that the requested operation should be performed under the context of RSA-SHA512 instead of the default Ed25519.

RSACertificateAuthority creates an RSA CA.

SignatureAlgorithm sets the hash algorithm used to sign the SSL certificate.

SPKIFingerprint computes SPKI certificate fingerprint.

SPKIFingerprintFromDER computes SPKI certificate fingerprint from ASN.1 DER representation of the x509 certificate.

SPKIFingerprintFromPEM computes SPKI certificate fingerprint from PEM representation of the x509 certificate.

DefaultCertificateValidityDuration is a default certificate lifetime.

PEM Block Header Types.

PEM Block Header Types.

PEM Block Header Types.

PEM Block Header Types.

PEM Block Header Types.

PEM Block Header Types.

PEM Block Header Types.

PEM Block Header Types.

Redacted is a special string that is used to indicate that a private key should be YAML-marshaled without the base64 encoding.

Certificate represents an X.509 certificate.

CertificateAuthority represents a CA.

CertificateSigningRequest represents a CSR.

ECDSAKey represents an ECDSA key.

Ed25519Key represents an Ed25519 key.

KeyPair represents a certificate and key pair.

Options is the functional options struct.

PEMEncodedCertificate represents a PEM encoded certificate.

PEMEncodedCertificateAndKey represents a PEM encoded certificate and private key pair.

PEMEncodedKey represents a PEM encoded private key.

RSAKey represents an RSA key.

Key is a common interface implemented by RSAKey, ECDSAKey and Ed25519Key.

Fingerprint represents SPKI certificate fingerprint.

Option is the functional option func.