CSR, CRL, Certificate, and Certificate Chain

This package defines certificate-related messages.

CertificateSigningRequest

A certificate signing request (CSR) for a public key.

Field	Type	Description	Required
`format`	`CertificateSigningRequestFormat`	The format of the CSR in \|data\|. Required.	No
`data`	`bytes`	The raw bytes of an encoded CSR. Required.	No

A certificate for a public key.

Field	Type	Description	Required
`format`	`CertificateFormat`	The format of the certificate in \|data\|. Required.	No
`data`	`bytes`	The raw bytes of an encoded certificate. Required.	No

A chain of certificates. In general, the following properties apply:

The first certificate in the chain is the end-entity certificate. This certificate belongs to an entity that is presenting a certificate chain in order to prove a public key trustworthy.
Certificates in the range [1, N-1] belong to intermediate certificate authorities.
The last certificate in the chain represents the root certificate. This certificate is self-signed, and belongs to an entity that is trusted by the relying party for some out-of-band reason.
A certificate with index i in the range [0, N-1] is signed by the private key corresponding to the certificate with index i+1.

Additional properties may apply for particular certificate types.

Note that a CertificateChain may use more than one certificate format.

Field	Type	Description	Required
`certificates`	`Certificate[]`	A chain of certificates.	No

A Certificate Revocation List (CRL).

Field	Type	Description	Required
`format`	`CertificateRevocationListFormat`	The format of the certificate revocation list in \|data\|. Required.	No
`data`	`bytes`	The raw bytes of an encoded certificate revocation list. Required.	No

Defines different CSR formats.

Name	Description
`UNKNOWN`
`PKCS10_DER`	A PKCS #10 certificate request encoded in DER format (.der file).
`PKCS10_PEM`	A PKCS #10 certificate request encoded in PEM format (.pem file).

Defines different certificate formats.

Name	Description
`UNKNOWN`
`X509_DER`	An X.509 certificate encoded in DER format (.der file).
`X509_PEM`	An X.509 certificate encoded in PEM format (.pem file).
`SGX_ATTESTATION_KEY_CERTIFICATE`	A serialized sgx.AttestationKeyCertificate proto for an SGX attestation key.

Defines different certificate revocation list formats.

Name	Description
`UNKNOWN`
`X509_DER`	An X.509 certificate revocation list in DER format (.der file).
`X509_PEM`	An X.509 certificate revocation list in PEM format (.pem file).