NAME

Crypt::Perl::X509v3 - TLS/SSL Certificates

SYNOPSIS

    my $cert = Crypt::Perl::X509v3->new(
        key => $crypt_perl_public_key_obj,
        issuer => [
            [ commonName => 'Foo', surname => 'theIssuer' ],
            [ givenName => 'separate RDNs' ],
        ],
        subject => \@subject,   #same format as issuer

        not_before => $unixtime,
        not_after => $unixtime,

        # The same structure as in Crypt::Perl::PKCS10 …
        extensions => [
            [ keyUsage => 'keyCertSign', 'keyEncipherment' ],
            [ $extn_name => @extn_args ],
            # ..
        ],

        serial_number => 12345,

        issuer_unique_id => '..',
        subject_unique_id => '..',
    );

    # The signature algorithm (2nd argument) is not needed
    # when the signing key is Ed25519.
    $cert->sign( $crypt_perl_private_key_obj, 'sha256' );

    my $pem = $cert->to_pem();

STATUS

This module is experimental! The API may change between versions. If you’re going to build something off of it, ensure that you check Crypt::Perl’s changelog before updating this module.

DESCRIPTION

This module can create TLS/SSL certificates. The caller has full control over all certificate components, and anything not specified is not assumed.

There currently is not a parsing interface. Hopefully that can be remedied.