GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
hx509_ca(3) Heimdalx509library hx509_ca(3)

hx509_ca


int hx509_ca_tbs_init (hx509_context context, hx509_ca_tbs *tbs)
 
void hx509_ca_tbs_free (hx509_ca_tbs *tbs)
 
int hx509_ca_tbs_set_notBefore (hx509_context context, hx509_ca_tbs tbs, time_t t)
 
int hx509_ca_tbs_set_notAfter (hx509_context context, hx509_ca_tbs tbs, time_t t)
 
int hx509_ca_tbs_set_notAfter_lifetime (hx509_context context, hx509_ca_tbs tbs, time_t delta)
 
const struct units * hx509_ca_tbs_template_units (void)
 
int hx509_ca_tbs_set_template (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)
 
int hx509_ca_tbs_set_ca (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)
 
int hx509_ca_tbs_set_proxy (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)
 
int hx509_ca_tbs_set_domaincontroller (hx509_context context, hx509_ca_tbs tbs)
 
int hx509_ca_tbs_set_spki (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo *spki)
 
int hx509_ca_tbs_set_serialnumber (hx509_context context, hx509_ca_tbs tbs, const heim_integer *serialNumber)
 
int hx509_ca_tbs_add_eku (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid)
 
int hx509_ca_tbs_add_crl_dp_uri (hx509_context context, hx509_ca_tbs tbs, const char *uri, hx509_name issuername)
 
int hx509_ca_tbs_add_san_otherName (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid, const heim_octet_string *os)
 
int hx509_ca_tbs_add_san_pkinit (hx509_context context, hx509_ca_tbs tbs, const char *principal)
 
int hx509_ca_tbs_add_san_ms_upn (hx509_context context, hx509_ca_tbs tbs, const char *principal)
 
int hx509_ca_tbs_add_san_jid (hx509_context context, hx509_ca_tbs tbs, const char *jid)
 
int hx509_ca_tbs_add_san_hostname (hx509_context context, hx509_ca_tbs tbs, const char *dnsname)
 
int hx509_ca_tbs_add_san_rfc822name (hx509_context context, hx509_ca_tbs tbs, const char *rfc822Name)
 
int hx509_ca_tbs_set_subject (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)
 
int hx509_ca_tbs_set_unique (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string *subjectUniqueID, const heim_bit_string *issuerUniqueID)
 
int hx509_ca_tbs_subject_expand (hx509_context context, hx509_ca_tbs tbs, hx509_env env)
 
int hx509_ca_tbs_set_signature_algorithm (hx509_context context, hx509_ca_tbs tbs, const AlgorithmIdentifier *sigalg)
 
int hx509_ca_sign (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert *certificate)
 
int hx509_ca_sign_self (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert *certificate)
 

See the Hx509 CA functions for description and examples.

Sign a to-be-signed certificate object with a issuer certificate.
The caller needs to at least have called the following functions on the to-be-signed certificate object:
hx509_ca_tbs_init()
hx509_ca_tbs_set_subject()
hx509_ca_tbs_set_spki()
When done the to-be-signed certificate object should be freed with hx509_ca_tbs_free().
When creating self-signed certificate use hx509_ca_sign_self() instead.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
signer the CA certificate object to sign with (need private key).
 
certificate return cerificate, free with hx509_cert_free().
Returns:
An hx509 error code, see hx509_get_error_string().

Work just like hx509_ca_sign() but signs it-self.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
signer private key to sign with.
 
certificate return cerificate, free with hx509_cert_free().
Returns:
An hx509 error code, see hx509_get_error_string().

Add CRL distribution point URI to the to-be-signed certificate object.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
uri uri to the CRL.
 
issuername name of the issuer.
Returns:
An hx509 error code, see hx509_get_error_string().
issuername not supported

An an extended key usage to the to-be-signed certificate object. Duplicates will detected and not added.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
oid extended key usage to add.
Returns:
An hx509 error code, see hx509_get_error_string().

Add a Subject Alternative Name hostname to to-be-signed certificate object. A domain match starts with ., an exact match does not.
Example of a an domain match: .domain.se matches the hostname host.domain.se.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
dnsname a hostame.
Returns:
An hx509 error code, see hx509_get_error_string().

Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed certificate object. The jid is an UTF8 string.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
jid string of an a jabber id in UTF8.
Returns:
An hx509 error code, see hx509_get_error_string().

Add Microsoft UPN Subject Alternative Name to the to-be-signed certificate object. The principal string is a UTF8 string.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
principal Microsoft UPN string.
Returns:
An hx509 error code, see hx509_get_error_string().

Add Subject Alternative Name otherName to the to-be-signed certificate object.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
oid the oid of the OtherName.
 
os data in the other name.
Returns:
An hx509 error code, see hx509_get_error_string().

Add Kerberos Subject Alternative Name to the to-be-signed certificate object. The principal string is a UTF8 string.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
principal Kerberos principal to add to the certificate.
Returns:
An hx509 error code, see hx509_get_error_string().

Add a Subject Alternative Name rfc822 (email address) to to-be-signed certificate object.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
rfc822Name a string to a email address.
Returns:
An hx509 error code, see hx509_get_error_string().

Free an To Be Signed object.
Parameters:
tbs object to free.

Allocate an to-be-signed certificate object that will be converted into an certificate.
Parameters:
context A hx509 context.
 
tbs returned to-be-signed certicate object, free with hx509_ca_tbs_free().
Returns:
An hx509 error code, see hx509_get_error_string().

Make the to-be-signed certificate object a CA certificate. If the pathLenConstraint is negative path length constraint is used.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
pathLenConstraint path length constraint, negative, no constraint.
Returns:
An hx509 error code, see hx509_get_error_string().

Make the to-be-signed certificate object a windows domain controller certificate.
Parameters:
context A hx509 context.
 
tbs object to be signed.
Returns:
An hx509 error code, see hx509_get_error_string().

Set the absolute time when the certificate is valid to.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
t time when the certificate will expire
Returns:
An hx509 error code, see hx509_get_error_string().

Set the relative time when the certificiate is going to expire.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
delta seconds to the certificate is going to expire.
Returns:
An hx509 error code, see hx509_get_error_string().

Set the absolute time when the certificate is valid from. If not set the current time will be used.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
t time the certificated will start to be valid
Returns:
An hx509 error code, see hx509_get_error_string().

Make the to-be-signed certificate object a proxy certificate. If the pathLenConstraint is negative path length constraint is used.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
pathLenConstraint path length constraint, negative, no constraint.
Returns:
An hx509 error code, see hx509_get_error_string().

Set the serial number to use for to-be-signed certificate object.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
serialNumber serial number to use for the to-be-signed certificate object.
Returns:
An hx509 error code, see hx509_get_error_string().

Set signature algorithm on the to be signed certificate
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
sigalg signature algorithm to use
Returns:
An hx509 error code, see hx509_get_error_string().

Set the subject public key info (SPKI) in the to-be-signed certificate object. SPKI is the public key and key related parameters in the certificate.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
spki subject public key info to use for the to-be-signed certificate object.
Returns:
An hx509 error code, see hx509_get_error_string().

Set the subject name of a to-be-signed certificate object.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
subject the name to set a subject.
Returns:
An hx509 error code, see hx509_get_error_string().

Initialize the to-be-signed certificate object from a template certifiate.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
flags bit field selecting what to copy from the template certifiate.
 
cert template certificate.
Returns:
An hx509 error code, see hx509_get_error_string().

Set the issuerUniqueID and subjectUniqueID
These are only supposed to be used considered with version 2 certificates, replaced by the two extensions SubjectKeyIdentifier and IssuerKeyIdentifier. This function is to allow application using legacy protocol to issue them.
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
issuerUniqueID to be set
 
subjectUniqueID to be set
Returns:
An hx509 error code, see hx509_get_error_string().

Expand the the subject name in the to-be-signed certificate object using hx509_name_expand().
Parameters:
context A hx509 context.
 
tbs object to be signed.
 
env environment variable to expand variables in the subject name, see hx509_env_init().
Returns:
An hx509 error code, see hx509_get_error_string().

Make of template units, use to build flags argument to hx509_ca_tbs_set_template() with parse_units().
Returns:
an units structure.

Generated automatically by Doxygen for Heimdalx509library from the source code.
Fri Dec 8 2017 Version 7.5.0

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.