X509Req is an opaque object that represents PKCS#10 certificate request.

newX509Req creates an empty certificate request. You must set the following properties to and sign it (see signX509Req) to actually use the certificate request.

Version

See setVersion.

Subject Name

See setSubjectName.

Public Key

See setPublicKey.

signX509Req signs a certificate request with a subject private key.

verifyX509Req verifies a signature of certificate request with a subject public key.

printX509Req req translates a certificate request into human-readable format.

makeX509FromReq req cert creates an empty X.509 certificate and copies as much data from the request as possible. The resulting certificate doesn't have the following data and it isn't signed so you must fill them and sign it yourself.

• Serial number
• Validity (Not Before and Not After)

Example:

 import Data.Time.Clock

 genCert :: X509 -> EvpPKey -> Integer -> Int -> X509Req -> IO X509
 genCert caCert caKey serial days req
     = do cert <- makeX509FromReq req caCert
          now  <- getCurrentTime
          setSerialNumber cert serial
          setNotBefore cert $ addUTCTime (-1) now
          setNotAfter  cert $ addUTCTime (days * 24 * 60 * 60) now
          signX509 cert caKey Nothing
          return cert

getVersion req returns the version number of certificate request.

setVersion req ver updates the version number of certificate request.

getSubjectName req wantLongName returns the subject name of certificate request. See getSubjectName of OpenSSL.X509.

setSubjectName req name updates the subject name of certificate request. See setSubjectName of OpenSSL.X509.

getPublicKey req returns the public key of the subject of certificate request.

setPublicKey req updates the public key of the subject of certificate request.