Crypt::OpenSSL::CA - The crypto parts of an X509v3 Certification Authority

SYNOPSIS

    use Crypt::OpenSSL::CA;

    # Load the CA's password-protected private key from PEM.
    my $privkey = Crypt::OpenSSL::CA::PrivateKey
        ->parse($pem_private_key, -password => "secret");
    my $pubkey = $privkey->get_public_key;

    # Build the certificate around the public key and set its extensions.
    my $x509 = Crypt::OpenSSL::CA::X509->new($pubkey);
    $x509->set_extension("basicConstraints", "CA:TRUE",
                         -critical => 1);
    $x509->set_extension("subjectKeyIdentifier",
                         $pubkey->get_openssl_keyid);

    # Sign with the CA key. "sha1" is the digest named in this synopsis;
    # current relying parties reject SHA-1 certificate signatures.
    my $pem = $x509->sign($privkey, "sha1");

DESCRIPTION

This module performs the cryptographic operations necessary to issue X509 certificates and certificate revocation lists (CRLs). It is implemented as a Perl wrapper around the popular OpenSSL library.

Crypt::OpenSSL::CA is an essential building block to create an X509v3 Certification Authority or CA, a crucial part of an X509 Public Key Infrastructure (PKI). A CA is defined by RFC4210 and friends (see Crypt::OpenSSL::CA::Resources) as a piece of software that can (among other things) issue and revoke X509v3 certificates. To perform the necessary cryptographic operations, it needs a private key that is kept secret (currently only RSA is supported).

Despite the name and unlike the openssl ca command-line tool, Crypt::OpenSSL::CA is not designed as a full-fledged X509v3 Certification Authority (CA) in and of itself: some key features are missing, most notably persistence (e.g. to remember issued and revoked certificates between two CRL issuances) and security-policy based screening of certificate requests.