-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
API is not very clear about how to sign one Certificate
with another one.
#89
Comments
PRs are welcome, and also open to discuss solutions. |
This is interesting, are you saying we can't do it yet? I have tried the whole day without success! |
You can sign certificates with another one. The |
There's a new example for this in #174
I believe this is a fairly common API design. E.g. Golang's x509.CreateCertificate function does the same: combining a template and an issuer to create the DER serialization of a signed certificate. We can leave this issue open if you have any improvements to suggest to the documentation to improve clarity. |
I think the new example from #174 and the upcoming CLI tool are probably sufficient to close this. We can revisit if there are other suggestions to make the API clearer. |
The only mention of signing new certificates I see is
serialize_*_with_signer
functions.I am expected to serialize, then immediately deserialize certificate even though there is no intention to save it to file or transmit.
Documentation may be more clear about why signing and serialization are one step. I expected there be something like
rcgen::Certificate::from_params_with_signer(params: CertificateParams, ca: &Certificate)
, so I can sign certificate, then serialize it if needed (or use somehow directly).The text was updated successfully, but these errors were encountered: