mixin

CertSigner

mixin CertSigner

The CertSigner allows you to configure various options for signing a certificate from a CSR to generate a signed certifcate.

See RFC5280 for more information on configuring v3 extension values.

 methods authKeyId

Configure the Authority Key Identifier V3 extension

 notAfter

Configure the end date for the certificate validity period

 keyUsage

Configure the Key Usage V3 extension

 subjectKeyId

Configure the Subject Key Identifier V3 extenstion

 sign

Generate the signed certificate based on the current configuration

 basicConstraints

Configure the Basic Constraints V3 extension

 extendedKeyUsage

Configure the Extended Key Usage V3 extension

 signWith

Configure the signature algorithm to sign the certificate with

 ca

Configure the CA private key and public certificate

 notBefore

Configure the start date for the certificate valdity period

 subjectAltName

Add a Subject Alternative Name to the certificate

 authKeyId abstract This authKeyId(Buf buf)

Configure the Authority Key Identifier V3 extension

 basicConstraints abstract This basicConstraints(Bool ca, Int? pathLenConstraint)

Configure the Basic Constraints V3 extension

 ca abstract This ca(PrivKey caPrivKey, Cert caCert)

Configure the CA private key and public certificate. If this method is not called, then a self-signed certificate will be generated.

 extendedKeyUsage abstract This extendedKeyUsage(Str[] oids)

Configure the Extended Key Usage V3 extension.

 keyUsage abstract This keyUsage(Buf bits)

Configure the Key Usage V3 extension

 notAfter abstract This notAfter(Date date)

Configure the end date for the certificate validity period. The default value is 365 days from today.

 notBefore abstract This notBefore(Date date)

Configure the start date for the certificate valdity period. The default value is today.

 sign abstract Cert sign()

Generate the signed certificate based on the current configuration.

 signWith abstract This signWith(Str:Obj opts)

Configure the signature algorithm to sign the certificate with. This map is configured the same as a Crypto.genCsr. By default, an implementation should choose a "strong" signing algorithm.

 subjectAltName abstract This subjectAltName(Obj name)

Add a Subject Alternative Name to the certificate. This method may be called multiple times to add different SANs. The name may be one of the following types:

  • Str: a DNS name
  • Uri: a Uniform Resource Identifier name
  • IpAddr: an IP address name

 subjectKeyId abstract This subjectKeyId(Buf buf)

Configure the Subject Key Identifier V3 extenstion

 Haxall 4.0.5 ∙ 24-Feb-2026 14:33 EST