Package io.quarkus.vault.pki

Class GenerateRootOptions

  • public class GenerateRootOptions
extends Object
    Options for generating a self-signed root CA.

    • Field Detail

      • subjectCommonName

        public String subjectCommonName
        Specifies Common Name (CN) of the subject.

      • subjectOrganization

        public String subjectOrganization
        Specifies Organization (O) of the subject.

      • subjectOrganizationalUnit

        public String subjectOrganizationalUnit
        Specifies Organizational Unit (OU) of the subject.

      • subjectStreetAddress

        public String subjectStreetAddress
        Specifies Street Address of the subject.

      • subjectPostalCode

        public String subjectPostalCode
        Specifies Postal Code of the subject.

      • subjectLocality

        public String subjectLocality
        Specifies Locality (L) of the subject.

      • subjectProvince

        public String subjectProvince
        Specifies Province (ST) of the subject.

      • subjectCountry

        public String subjectCountry
        Specifies Country (C) of the subject.

      • subjectSerialNumber

        public String subjectSerialNumber
        Specifies the Serial Number (SERIALNUMBER) of the subject.

      • subjectAlternativeNames

        public List<String> subjectAlternativeNames
        Specifies Subject Alternative Names.

        These can be host names or email addresses; they will be parsed into their respective fields.

      • excludeCommonNameFromSubjectAlternativeNames

        public Boolean excludeCommonNameFromSubjectAlternativeNames
        Flag determining if the Common Name (CN) of the subject will be included by default in the Subject Alternative Names of issued certificates.

      • ipSubjectAlternativeNames

        public List<String> ipSubjectAlternativeNames
        Specifies IP Subject Alternative Names.

      • uriSubjectAlternativeNames

        public List<String> uriSubjectAlternativeNames
        Specifies URI Subject Alternative Names.

      • otherSubjectAlternativeNames

        public List<String> otherSubjectAlternativeNames
        Specifies custom OID/UTF8-string Subject Alternative Names.

        The format is the same as OpenSSL: ;: where the only current valid type is UTF8.

      • timeToLive

        public String timeToLive
        Specifies time-to-live.

        Value is specified as a string duration with time suffix. Hour is the largest supported suffix.

      • keyType

        public CertificateKeyType keyType
        Specifies the desired type of private key to generate, RSA or EC.

      • exportPrivateKey

        public boolean exportPrivateKey
        Flag determining if the generated private key should be exported or kept internally.

      • maxPathLength

        public Integer maxPathLength
        Specifies the maximum path length for generated certificate.

      • permittedDnsDomains

        public List<String> permittedDnsDomains
        DNS domains for which certificates are allowed to be issued or signed by this CA certificate. Subdomains are allowed, as per RFC.

      • format

        public DataFormat format
        Specifies returned format of certificate & private key data. If unspecified it defaults to DataFormat.PEM

    • Constructor Detail

      • GenerateRootOptions

        public GenerateRootOptions()