Builder

class Builder

Build a held certificate with reasonable defaults.

Constructors

Link copied to clipboard
constructor()

Types

Link copied to clipboard
object Companion

Functions

Link copied to clipboard

Adds a subject alternative name (SAN) to the certificate. This is usually a literal hostname, a literal IP address, or a hostname pattern. If no subject alternative names are added that extension will be omitted.

Link copied to clipboard
Link copied to clipboard

Set this certificate to be a signing certificate, with up to maxIntermediateCas intermediate signing certificates beneath it.

Link copied to clipboard

Set this certificate's common name (CN). Historically this held the hostname of TLS certificate, but that practice was deprecated by RFC 2818 and replaced with addSubjectAlternativeName. If unset a random string will be used.

Link copied to clipboard

Sets the certificate to be valid immediately and until the specified duration has elapsed. The precision of this field is seconds; further precision will be truncated.

Link copied to clipboard

Configure the certificate to generate a 256-bit ECDSA key, which provides about 128 bits of security. ECDSA keys are noticeably faster than RSA keys.

Link copied to clipboard
fun keyPair(publicKey: PublicKey, privateKey: PrivateKey): HeldCertificate.Builder

Sets the public/private key pair used for this certificate. If unset a key pair will be generated.

Link copied to clipboard

Sets the certificate's organizational unit (OU). If unset this field will be omitted.

Link copied to clipboard

Configure the certificate to generate a 2048-bit RSA key, which provides about 112 bits of security. RSA keys are interoperable with very old clients that don't support ECDSA.

Link copied to clipboard

Sets this certificate's serial number. If unset the serial number will be 1.

Link copied to clipboard

Set the certificate that will issue this certificate. If unset the certificate will be self-signed.

Link copied to clipboard

Sets the certificate to be valid in ``[notBefore..notAfter]``. Both endpoints are specified in the format of System.currentTimeMillis. Specify -1L for both values to use the default interval, 24 hours starting when the certificate is created.