GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
Crypt::Perl::PKCS10(3) User Contributed Perl Documentation Crypt::Perl::PKCS10(3)

Crypt::Perl::PKCS10 - Certificate Signing Request (CSR) creation

    my $pkcs10 = Crypt::Perl::PKCS10->new(

        key => $private_key_obj,

        subject => [
            commonName => 'foo.com',
            localityName => 'somewhere',
            #...
        ],
        attributes => [
            [ 'extensionRequest',
                [ 'subjectAltName',
                    [ dNSName => 'foo.com' ],
                    [ dNSName => 'bar.com' ],
                ],
            ],
        ],
    );

    my $der = $pkcs10->to_der();
    my $pem = $pkcs10->to_pem();

This module is for creation of (PKCS #10) certificate signing requests (CSRs). Right now it supports only a subset of what OpenSSL <http://openssl.org> can create; however, it’s useful enough for use with many certificate authorities, including ACME <https://ietf-wg-acme.github.io/acme/> services like Let’s Encrypt <http://letsencrypt.org>.

It’s also a good deal easier to use!

I believe this is the only CPAN <http://search.cpan.org> module that can create CSRs for RSA, ECDSA, and Ed25519 keys. Other encryption schemes would not be difficult to integrate—but do any CAs accept them?

After a brief flirtation (cf. v0.13) with producing ECDSA-signed CSRs using explicit curve parameters, this module produces CSRs using named curves. Certificate authorities seem to prefer this format—which makes sense since they only allow certain curves in the first place.

The signature digest algorithm is determined based on the passed-in key: for RSA it’s always SHA-512, and for ECDSA it’s the strongest SHA digest algorithm that the key allows (e.g., SHA-224 for a 239-bit key, etc.)

If you need additional flexibility, let me know.

(Note that Ed25519 signs an entire document rather than a digest.)

Create an instance of this class. Parameters are:
  • "key" - An instance of "Crypt::Perl::RSA::PrivateKey", "Crypt::Perl::ECDSA::PrivateKey", or "Crypt::Perl::Ed25519::PrivateKey". If you’ve got a DER- or PEM-encoded key string, use Crypt::Perl::PK (included in this distribution) to create an appropriate object.
  • "subject" - An array reference of arguments into Crypt::Perl::X509::Name’s constructor.
  • "attributes" - An array reference of arguments into Crypt::Perl::PKCS10::Attributes’s constructor.

Let me know what features you would find useful, ideally with a representative sample CSR that demonstrates the requested feature. (Or, better yet, send me a pull request!)

  • Crypt::PKCS10 - Parse CSRs, in pure Perl.
  • Crypt::OpenSSL::PKCS10 - Create CSRs using OpenSSL via XS. Currently this only seems to support RSA.
2020-09-27 perl v5.32.1

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.