1Web::ID::Certificate::GUesneerraCtoonrt(r3i)buted Perl DWoecbu:m:eInDt:a:tCieorntificate::Generator(3)
2
3
4

NAME

6       Web::ID::Certificate::Generator - role for Web::ID::Certificate
7

SYNOPSIS

9        use Web::ID::Certificate::Generator;
10
11        my %options = (
12          cert_output       => '/home/alice/webid.p12',
13          passphrase        => 's3cr3t s0urc3',
14          rdf_output        => '/home/alice/public_html/foaf.rdf',
15          subject_alt_names => [
16            Web::ID::SAN::URI->new(
17              value => 'http://example.com/~alice/foaf.rdf#me',
18            ),
19            Web::ID::SAN::Email->new(
20              value => 'alice@example.com',
21            ),
22          ],
23          subject_name      => 'Alice Jones',
24          subject_locality  => 'Lewes',
25          subject_region    => 'East Sussex',
26          subject_country   => 'GB',   # ISO 3166-1 alpha-2 code
27        );
28
29        my $cert = Web::ID::Certificate->generate(%options);
30

DESCRIPTION

32       This is a role that may be applied to Web::ID::Certificate. It is not
33       consumed by Web::ID::Certificate by default as I was trying to avoid
34       tainting the class with the horror that's found in this role.
35
36       The "import" routine of this package applies the role to
37       Web::ID::Certificate, so it is sufficient to do:
38
39        use Web::ID::Certificate::Generator;
40
41       You don't need to muck around with "apply_all_roles" yourself.
42
43   Constructor
44       generate(%options)
45           Generates a brand new WebID-enabled certificate.
46
47   Options
48       The following options can be passed to "generator"
49
50       •   "cert_output"
51
52           A passphrase-protected PKCS12 certificate file is generated as part
53           of the certificate generation process. The PKCS12 file is what
54           you'd typically import into a browser.
55
56           You can pass a scalar reference, in which case the PKCS12 data will
57           be written to that scalar; or a file handle or string file name.
58
59           This is a required option.
60
61       •   "passphrase"
62
63           The password for the PKCS12 file.
64
65           This is a required option.
66
67       •   "rdf_output"
68
69           RDF data is also generated as part of the certificate generation
70           process.
71
72           Again a file handle or string file name can be passed, or an
73           RDF::Trine::Model.
74
75           This is a required option.
76
77       •   "subject_alt_names"
78
79           List of Web::ID::SAN objects to generate the certificate's
80           subjectAltNames field. You want at least one Web::ID::SAN::URI in
81           there.
82
83           This is a required option.
84
85       •   "subject_name"
86
87           The name of the person who will hold the certificate. (e.g. "Alice
88           Smith".)
89
90           This is a required option.
91
92       •   "subject_org"
93
94           The certificate holder's organisation.
95
96           Not required.
97
98       •   "subject_locality"
99
100           The locality (e.g. city) of the certificate holder's address.
101
102           Not required.
103
104       •   "subject_region"
105
106           The region (e.g. state or county) of the certificate holder's
107           address.
108
109           Not required.
110
111       •   "subject_country"
112
113           Two letter ISO code for the country of the certificate holder's
114           address.
115
116           Not required.
117
118       •   "openssl_path"
119
120           The path to the OpenSSL binary. Yes that's right, this role calls
121           the OpenSSL binary via "system" calls. Defaults to automatic
122           discovery via Web::ID::Util::FindOpenSSL.
123
124       •   "key_size"
125
126           Key size in bits. Defaults to 1024. Bigger keys are more secure.
127           Keys bigger than 2048 bits will take a ridiculously long time to
128           generate.  Keys less than 512 bits are pretty poor.
129
130       •   "not_after"
131
132           Date when the certificate should expire, as a DateTime object.
133           Defaults to 365 days.
134

BUGS AND LIMITATIONS

136       Generating the private key results in shedloads of nasty crud being
137       spewed out on STDERR.
138
139       Please report any bugs to
140       <http://rt.cpan.org/Dist/Display.html?Queue=Web-ID>.
141

SEE ALSO

143       Web::ID, Web::ID::Certificate.
144

AUTHOR

146       Toby Inkster <tobyink@cpan.org>.
147
149       This software is copyright (c) 2012 by Toby Inkster.
150
151       This is free software; you can redistribute it and/or modify it under
152       the same terms as the Perl 5 programming language system itself.
153

DISCLAIMER OF WARRANTIES

155       THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
156       WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
157       MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
158
159
160
161perl v5.36.0                      2023-01-20Web::ID::Certificate::Generator(3)
Impressum