Openssl X509 Pem

  1. Openssl X509 Pem To Crt
  2. Openssl X509 Pemasaran
Openssl X509 Pem

Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.


The X.509 standard is used to manage digital certificates used for public key encryption. One of the filename extensions used for X.509 certificates is.pem, which stands for ' Privacy Enhanced Mail '. These certificates are Base64 encoded DER certificates.

None by default.

The openssl crl command and utility will process CRL (Certificate Revocation List) files in both DER and PEM format. CRL locations can be found on the X.509 certificate itself, under the “CRL Endpoints” section. Here is a screenshot from the Mozilla Firefox certificate viewer of the SSL certificate installed at Openssl x509 -text -noout -in certificate.pem Combine your key and certificate in a PKCS#12 (P12) bundle: openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12 Validate your P2 file. Openssl x509 -inform PEM - in /tmp/certificate.crt SSL Private keys must be unencrypted and non-password protected on our platform. You can use the following OpenSSL command to remove a private key password: openssl rsa - in file1.key - out file2.key.

On request:


new ( )

Create a new X509 object.

new_from_string ( STRING [ FORMAT ] )
new_from_file ( FILENAME [ FORMAT ] )

Create a new X509 object from a string or file. FORMAT should be FORMAT_ASN1 or FORMAT_PEM.



Subject name as a string.


Issuer name as a string.


Issuer name hash as a string.


Serial number as a string.


Alias for subject_hash


Subject name hash as a string.


notBefore time as a string.


notAfter time as a string.


Email address as a string.


Certificate version as a string.


Signature algorithm name as a string.


Public key algorithm name as a string.


Name of the EC curve used in the public key.


subject_name ( )
issuer_name ( )

Return a Name object for the subject or issuer name. Methods for handling Name objects are given below.

is_selfsigned ( )

Return Boolean value if subject and issuer name are the same.

as_string ( [ FORMAT ] )

Return the certificate as a string in the specified format. FORMAT can be one of FORMAT_PEM (the default) or FORMAT_ASN1.

modulus ( )

Return the modulus for an RSA public key as a string of hex digits. For DSA and EC return the public key. Other algorithms are not supported.

bit_length ( )

Return the length of the modulus as a number of bits.

fingerprint_md5 ( )
fingerprint_sha1 ( )
fingerprint_sha224 ( )
fingerprint_sha256 ( )
fingerprint_sha384 ( )
fingerprint_sha512 ( )

Return the specified message digest for the certificate.

checkend( OFFSET )

Given an offset in seconds, will the certificate be expired? Returns True if the certificate will be expired. False otherwise.

pubkey ( )

Return the RSA, DSA, or EC public key.

num_extensions ( )

Return the number of extensions in the certificate.

extension ( INDEX )

Return the Extension specified by the integer INDEX. Methods for handling Extension objects are given below.

extensions_by_oid ( )
extensions_by_name ( )
extensions_by_long_name ( )

Return a hash of Extensions indexed by OID or name.

has_extension_oid ( OID )

Return true if the certificate has the extension specified by OID.

X509::Extension METHODS

critical ( )

Return a value indicating if the extension is critical or not. FIXME: the value is an ASN.1 BOOLEAN value.

object ( )

Return the ObjectID of the extension. Methods for handling ObjectID objects are given below.

value ( )

Return the value of the extension as an asn1parse(1) style hex dump.

as_string ( )

Return a human-readable version of the extension as formatted by X509V3_EXT_print. Note that this will return an empty string for OIDs with unknown ASN.1 encodings.

X509::ObjectID METHODS

name ( )

Return the long name of the object as a string.

oid ( )
Openssl x509 pembroke pines

Return the numeric dot-separated form of the object identifier as a string.


X509::Name METHODS

as_string ( )

Return a string representation of the Name

entries ( )

Return an array of Name_Entry objects. Methods for handling Name_Entry objects are given below.

has_entry ( TYPE [ LASTPOS ] )
has_long_entry ( TYPE [ LASTPOS ] )
has_oid_entry ( TYPE [ LASTPOS ] )

Return true if a name has an entry of the specified TYPE. Depending on the function the TYPE may be in the short form (e.g. CN), long form (commonName) or OID ( If LASTPOS is specified then the search is made from that index rather than from the start.

get_index_by_type ( TYPE [ LASTPOS ] )
get_index_by_long_type ( TYPE [ LASTPOS ] )
get_index_by_oid_type ( TYPE [ LASTPOS ] )

Return the index of an entry of the specified TYPE in a name. Depending on the function the TYPE may be in the short form (e.g. CN), long form (commonName) or OID ( If LASTPOS is specified then the search is made from that index rather than from the start.

get_entry_by_type ( TYPE [ LASTPOS ] )
get_entry_by_long_type ( TYPE [ LASTPOS ] )

These methods work similarly to get_index_by_* but return the Name_Entry rather than the index.

X509::Name_Entry METHODS

as_string ( [ LONG ] )

Return a string representation of the Name_Entry of the form typeName=Value. If LONG is 1, the long form of the type is used.

type ( [ LONG ] )

Return a string representation of the type of the Name_Entry. If LONG is 1, the long form of the type is used.

value ( )

Return a string representation of the value of the Name_Entry.

is_printableString ( )
is_ia5string ( )
is_utf8string ( )
is_asn1_type ( [ASN1_TYPE] )

Return true if the Name_Entry value is of the specified type. The value of ASN1_TYPE should be as listed in OpenSSL's asn1.h.

OpenSSL(1), Crypt::OpenSSL::RSA, Crypt::OpenSSL::Bignum

Dan Sully

  • Shoichi Kaji, release 1.9.3 and 1.9.8

  • Neil Bowers, release 1.8.13

  • kmx, release 1.8.9

  • Sebastian Andrzej Siewior

  • David O'Callaghan, <[email protected]>

  • Daniel Kahn Gillmor <[email protected]>

Copyright 2004-2021 by Dan Sully

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

An X509 public key certificate.


impl X509[src]

pub fn builder() -> Result<X509Builder, ErrorStack>[src]

pub fn from_pem(pem: &[u8]) -> Result<X509, ErrorStack>[src]

Deserializes a PEM-encoded X509 structure.

The input should have a header of -----BEGIN CERTIFICATE-----.

This corresponds to PEM_read_bio_X509.

pub fn from_der(der: &[u8]) -> Result<X509, ErrorStack>[src]

Deserializes a DER-encoded X509 structure.

This corresponds to d2i_X509.

pub fn stack_from_pem(pem: &[u8]) -> Result<Vec<X509>, ErrorStack>[src]

Deserializes a list of PEM-formatted certificates.

Methods from Deref<Target = X509Ref>

pub fn subject_name(&self) -> &X509NameRef[src]

Returns this certificate's subject name.

This corresponds to X509_get_subject_name.

pub fn issuer_name(&self) -> &X509NameRef[src]

Returns this certificate's issuer name.

This corresponds to X509_get_issuer_name.

pub fn subject_alt_names(&self) -> Option<Stack<GeneralName>>[src]

Returns this certificate's subject alternative name entries, if they exist.

This corresponds to X509_get_ext_d2i called with NID_subject_alt_name.

pub fn issuer_alt_names(&self) -> Option<Stack<GeneralName>>[src]

Returns this certificate's issuer alternative name entries, if they exist.

This corresponds to X509_get_ext_d2i called with NID_issuer_alt_name.

pub fn public_key(&self) -> Result<PKey<Public>, ErrorStack>[src]

pub fn digest(
hash_type: MessageDigest
) -> Result<DigestBytes, ErrorStack>

Returns a digest of the DER representation of the certificate.

This corresponds to X509_digest.

pub fn fingerprint(
hash_type: MessageDigest
) -> Result<Vec<u8>, ErrorStack>

pub fn not_after(&self) -> &Asn1TimeRef[src]

Returns the certificate's Not After validity period.

pub fn not_before(&self) -> &Asn1TimeRef[src]

Returns the certificate's Not Before validity period.

pub fn signature(&self) -> &Asn1BitStringRef[src]

pub fn signature_algorithm(&self) -> &X509AlgorithmRef[src]

Returns the certificate's signature algorithm.

pub fn ocsp_responders(&self) -> Result<Stack<OpensslString>, ErrorStack>[src]

Returns the list of OCSP responder URLs specified in the certificate's Authority InformationAccess field.

pub fn issued(&self, subject: &X509Ref) -> X509VerifyResult[src]

pub fn verify<T>(&self, key: &PKeyRef<T>) -> Result<bool, ErrorStack> where
T: HasPublic,

Check if the certificate is signed using the given public key.

Only the signature is checked: no other checks (such as certificate chain validity)are performed.

Returns true if verification succeeds.

This corresponds to [`X509_verify'].

pub fn serial_number(&self) -> &Asn1IntegerRef[src]

Returns this certificate's serial number.

This corresponds to X509_get_serialNumber.

pub fn to_pem(&self) -> Result<Vec<u8>, ErrorStack>[src]

Serializes the certificate into a PEM-encoded X509 structure.

The output will have a header of -----BEGIN CERTIFICATE-----.

This corresponds to PEM_write_bio_X509.

pub fn to_der(&self) -> Result<Vec<u8>, ErrorStack>[src]

Serializes the certificate into a DER-encoded X509 structure.

This corresponds to i2d_X509.

Trait Implementations

impl Stackable for X509[src]

type StackType = stack_st_X509

impl Send for X509[src]

impl Drop for X509

fn drop(&mut self)

Convert der to pem openssl

impl Sync for X509[src]

impl Clone for X509[src]

fn clone(&self) -> X509[src]

fn clone_from(&mut self, source: &Self)1.0.0[src]

Performs copy-assignment from source. Read more

impl AsRef<X509Ref> for X509

fn as_ref(&self) -> &X509Ref

impl DerefMut for X509

fn deref_mut(&mut self) -> &mut X509Ref

impl Deref for X509

type Target = X509Ref

fn deref(&self) -> &X509Ref

Dereferences the value.

impl Borrow<X509Ref> for X509

fn borrow(&self) -> &X509Ref

impl ForeignType for X509

type CType = X509

type Ref = X509Ref

The type representing a reference to this type.

unsafe fn from_ptr(ptr: *mut X509) -> X509

Constructs an instance of this type from its raw type.

fn as_ptr(&self) -> *mut X509

Auto Trait Implementations

impl Unpin for X509

impl UnwindSafe for X509

impl RefUnwindSafe for X509

Blanket Implementations

impl<T> ToOwned for T where
T: Clone,

type Owned = T

fn to_owned(&self) -> T[src]

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)[src]

🔬 This is a nightly-only experimental API. (toowned_clone_into)

recently added

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> Into<U> for T where
U: From<T>,

fn into(self) -> U[src]

impl<T> From<T> for T[src]

fn from(t: T) -> T[src]

impl<T, U> TryFrom<U> for T where
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

Openssl X509 Pem To Crt

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>[src]

impl<T, U> TryInto<U> for T where
U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>[src]

impl<T> BorrowMut<T> for T where
T: ?Sized,

fn borrow_mut(&mut self) -> &mut T[src]

impl<T> Borrow<T> for T where
T: ?Sized,

fn borrow(&self) -> &T[src]

impl<T> Any for T where
T: 'static + ?Sized,

Openssl X509 Pemasaran

fn type_id(&self) -> TypeId[src]