Certificates

Canonical capability guide for certificate/PKI operations.

For complete domain-level reference and examples, see Certificate Domain.

Includes:

• Key pair generation.

• CSR and certificate building.

• SAN support via CertificateOptions.

• CA signing.

• Utility helpers (fingerprint, expiry, key match, chain verify, PEM normalize).

• PKCS#12 export/import.

Quick Example

use Infocyph\Epicrypt\Certificate\CertificateBuilder;
use Infocyph\Epicrypt\Certificate\CertificateOptions;
use Infocyph\Epicrypt\Certificate\KeyPairGenerator;

$keys = KeyPairGenerator::openSsl()->generate();
$dn = [
    'countryName' => 'US',
    'stateOrProvinceName' => 'CA',
    'localityName' => 'San Francisco',
    'organizationName' => 'Epicrypt',
    'commonName' => 'api.example.local',
    'emailAddress' => '[email protected]',
];

$cert = CertificateBuilder::openSsl()->selfSign(
    $dn,
    $keys['private'],
    options: new CertificateOptions(sanDns: ['api.example.local']),
);