Method SSL.Context()->add_cert()
- Method add_cert
void add_cert(Crypto.Sign.State key, array(string(8bit)) certs, array(string(8bit))|void extra_name_globs)
variant void add_cert(string(8bit) key, array(string(8bit)) certs, array(string(8bit))|void extra_name_globs)
variant void add_cert(CertificatePair cp)- Description
Add a certificate.
This function is used on both servers and clients to add a key and chain of certificates to the set of certificate candidates to use in find_cert().
On a server these are used in the normal initial handshake, while on a client they are only used if a server requests client certificate authentication.
- Parameter key
Private key matching the first certificate in certs.
Supported key types are currently:
Crypto.RSA.State Rivest-Shamir-Adelman.
Crypto.DSA.State Digital Signing Algorithm.
Crypto.ECC.Curve.ECDSA Elliptic Curve Digital Signing Algorithm.
This key MUST match the public key in the first certificate in certs.
- Parameter certs
A chain of X509.v1 or X509.v3 certificates, with the local certificate first and root-most certificate last.
- Parameter extra_name_globs
Further SNI globs (than the ones in the first certificate), that this certificate should be selected for. Typically used to set the default certificate(s) by specifying
({ "*" })
.The SNI globs are only relevant for server-side certificates.
- Parameter cp
An alternative is to send an initialized CertificatePair.
- Throws
The function performs various validations of the key and certs, and throws errors if the validation fails.
- See also
find_cert()