RubyGems - r509 - Versions diffs - 0.8.1 → 0.9 - Mend

r509 0.8.1 → 0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (203) hide show

data/README.md +343 -151
data/Rakefile +26 -23
data/bin/r509 +126 -112
data/bin/r509-parse +24 -24
data/doc/R509.html +169 -7
data/doc/R509/ASN1.html +370 -0
data/doc/R509/ASN1/GeneralName.html +1121 -0
data/doc/R509/ASN1/GeneralNames.html +843 -0
data/doc/R509/ASN1/NoticeReference.html +392 -0
data/doc/R509/ASN1/PolicyInformation.html +387 -0
data/doc/R509/ASN1/PolicyQualifiers.html +455 -0
data/doc/R509/ASN1/UserNotice.html +386 -0
data/doc/R509/{Crl.html → CRL.html} +7 -7
data/doc/R509/CRL/Administrator.html +1559 -0
data/doc/R509/{Crl/Parser.html → CRL/SignedList.html} +501 -210
data/doc/R509/{Csr.html → CSR.html} +444 -314
data/doc/R509/Cert.html +866 -617
data/doc/R509/Cert/Extensions.html +52 -41
data/doc/R509/Cert/Extensions/AuthorityInfoAccess.html +70 -35
data/doc/R509/Cert/Extensions/AuthorityKeyIdentifier.html +387 -4
data/doc/R509/Cert/Extensions/BasicConstraints.html +61 -25
data/doc/R509/Cert/Extensions/CRLDistributionPoints.html +354 -0
data/doc/R509/Cert/Extensions/CertificatePolicies.html +340 -0
data/doc/R509/Cert/Extensions/ExtendedKeyUsage.html +440 -49
data/doc/R509/Cert/Extensions/{CrlDistributionPoints.html → InhibitAnyPolicy.html} +52 -35
data/doc/R509/Cert/Extensions/KeyUsage.html +247 -121
data/doc/R509/Cert/Extensions/NameConstraints.html +445 -0
data/doc/R509/Cert/Extensions/OCSPNoCheck.html +239 -0
data/doc/R509/Cert/Extensions/PolicyConstraints.html +424 -0
data/doc/R509/Cert/Extensions/SubjectAlternativeName.html +437 -62
data/doc/R509/Cert/Extensions/SubjectKeyIdentifier.html +52 -10
data/doc/R509/CertificateAuthority.html +4 -4
data/doc/R509/CertificateAuthority/Signer.html +154 -187
data/doc/R509/Config.html +6 -6
data/doc/R509/Config/{CaConfig.html → CAConfig.html} +451 -348
data/doc/R509/Config/{CaConfigPool.html → CAConfigPool.html} +47 -47
data/doc/R509/Config/CAProfile.html +1015 -0
data/doc/R509/Config/SubjectItemPolicy.html +86 -86
data/doc/R509/IOHelpers.html +22 -22
data/doc/R509/MessageDigest.html +14 -14
data/doc/R509/NameSanitizer.html +53 -53
data/doc/R509/{Ocsp.html → OCSP.html} +9 -9
data/doc/R509/{Ocsp → OCSP}/Request.html +7 -7
data/doc/R509/{Ocsp → OCSP}/Request/Nonce.html +56 -11
data/doc/R509/{Ocsp → OCSP}/Response.html +44 -44
data/doc/R509/{OidMapper.html → OIDMapper.html} +23 -39
data/doc/R509/PrivateKey.html +415 -168
data/doc/R509/R509Error.html +3 -3
data/doc/R509/{Spki.html → SPKI.html} +354 -192
data/doc/R509/Subject.html +224 -113
data/doc/R509/Validity.html +27 -5
data/doc/R509/Validity/Checker.html +13 -13
data/doc/R509/Validity/DefaultChecker.html +13 -13
data/doc/R509/Validity/DefaultWriter.html +14 -14
data/doc/R509/Validity/Status.html +39 -39
data/doc/R509/Validity/Writer.html +18 -18
data/doc/_index.html +138 -35
data/doc/class_list.html +1 -1
data/doc/css/style.css +10 -0
data/doc/file.README.html +368 -171
data/doc/file.r509.html +92 -69
data/doc/frames.html +1 -1
data/doc/index.html +368 -171
data/doc/method_list.html +910 -390
data/doc/top-level-namespace.html +3 -3
data/lib/r509.rb +32 -16
data/lib/r509/asn1.rb +375 -0
data/lib/r509/cert.rb +381 -364
data/lib/r509/cert/extensions.rb +443 -76
data/lib/r509/certificate_authority.rb +407 -0
data/lib/r509/config.rb +547 -351
data/lib/r509/crl.rb +336 -366
data/lib/r509/csr.rb +278 -289
data/lib/r509/ec-hack.rb +37 -0
data/lib/r509/exceptions.rb +3 -3
data/lib/r509/io_helpers.rb +44 -44
data/lib/r509/message_digest.rb +53 -0
data/lib/r509/ocsp.rb +80 -70
data/lib/r509/oid_mapper.rb +32 -0
data/lib/r509/private_key.rb +228 -0
data/lib/r509/spki.rb +145 -93
data/lib/r509/subject.rb +203 -110
data/lib/r509/validity.rb +70 -68
data/lib/r509/version.rb +2 -2
data/r509.yaml +92 -69
data/spec/asn1_spec.rb +402 -0
data/spec/cert/extensions_spec.rb +957 -494
data/spec/cert_spec.rb +382 -307
data/spec/certificate_authority_spec.rb +668 -250
data/spec/config_spec.rb +515 -302
data/spec/crl_spec.rb +197 -198
data/spec/csr_spec.rb +334 -289
data/spec/fixtures.rb +247 -171
data/spec/fixtures/cert1.der +0 -0
data/spec/fixtures/cert1.pem +0 -0
data/spec/fixtures/cert1_public_key_modulus.txt +0 -0
data/spec/fixtures/cert3.p12 +0 -0
data/spec/fixtures/cert3.pem +0 -0
data/spec/fixtures/cert3_key.pem +0 -0
data/spec/fixtures/cert3_key_des3.pem +0 -0
data/spec/fixtures/cert4.pem +0 -0
data/spec/fixtures/cert5.pem +0 -0
data/spec/fixtures/cert6.pem +0 -0
data/spec/fixtures/cert_expired.pem +0 -0
data/spec/fixtures/cert_inhibit.pem +24 -0
data/spec/fixtures/cert_name_constraints.pem +29 -0
data/spec/fixtures/cert_not_yet_valid.pem +0 -0
data/spec/fixtures/cert_ocsp_no_check.pem +18 -0
data/spec/fixtures/cert_policy_constraints.pem +31 -0
data/spec/fixtures/cert_san.pem +0 -0
data/spec/fixtures/cert_san2.pem +0 -0
data/spec/fixtures/cert_unknown_extension.pem +28 -0
data/spec/fixtures/config_pool_test_minimal.yaml +11 -11
data/spec/fixtures/config_test.yaml +54 -36
data/spec/fixtures/config_test_dsa.yaml +35 -0
data/spec/fixtures/config_test_ec.yaml +35 -0
data/spec/fixtures/config_test_engine_key.yaml +5 -5
data/spec/fixtures/config_test_engine_no_key_name.yaml +4 -4
data/spec/fixtures/config_test_minimal.yaml +4 -4
data/spec/fixtures/config_test_password.yaml +5 -5
data/spec/fixtures/config_test_various.yaml +111 -74
data/spec/fixtures/crl_list_file.txt +0 -0
data/spec/fixtures/crl_with_reason.pem +0 -0
data/spec/fixtures/csr1.der +0 -0
data/spec/fixtures/csr1.pem +0 -0
data/spec/fixtures/csr1_key.der +0 -0
data/spec/fixtures/csr1_key.pem +0 -0
data/spec/fixtures/csr1_key_encrypted_des3.pem +0 -0
data/spec/fixtures/csr1_newlines.pem +0 -0
data/spec/fixtures/csr1_no_begin_end.pem +0 -0
data/spec/fixtures/csr1_public_key_modulus.txt +0 -0
data/spec/fixtures/csr2.pem +0 -0
data/spec/fixtures/csr2_key.pem +0 -0
data/spec/fixtures/csr3.pem +0 -0
data/spec/fixtures/csr4.pem +0 -0
data/spec/fixtures/csr_dsa.pem +0 -0
data/spec/fixtures/csr_invalid_signature.pem +0 -0
data/spec/fixtures/dsa_key.pem +0 -0
data/spec/fixtures/dsa_root.cer +28 -0
data/spec/fixtures/dsa_root.key +20 -0
data/spec/fixtures/ec_csr2.der +0 -0
data/spec/fixtures/ec_csr2.pem +8 -0
data/spec/fixtures/ec_key1.der +0 -0
data/spec/fixtures/ec_key1.pem +6 -0
data/spec/fixtures/ec_key1_encrypted.pem +9 -0
data/spec/fixtures/ec_key2.pem +6 -0
data/spec/fixtures/hmacsha1.sig +1 -0
data/spec/fixtures/hmacsha512.sig +1 -0
data/spec/fixtures/key4.pem +0 -0
data/spec/fixtures/key4_encrypted_des3.pem +0 -0
data/spec/fixtures/missing_key_identifier_ca.cer +0 -0
data/spec/fixtures/missing_key_identifier_ca.key +0 -0
data/spec/fixtures/ocsptest.r509.local.pem +0 -0
data/spec/fixtures/ocsptest.r509.local_ocsp_request.der +0 -0
data/spec/fixtures/ocsptest2.r509.local.pem +0 -0
data/spec/fixtures/second_ca.cer +0 -0
data/spec/fixtures/second_ca.key +0 -0
data/spec/fixtures/spkac.der +0 -0
data/spec/fixtures/spkac.txt +0 -0
data/spec/fixtures/spkac_dsa.txt +1 -1
data/spec/fixtures/spkac_dsa_no_verify.txt +1 -0
data/spec/fixtures/spkac_ec.txt +1 -0
data/spec/fixtures/spkac_rsa_newlines.txt +13 -0
data/spec/fixtures/stca.pem +0 -0
data/spec/fixtures/stca_ocsp_request.der +0 -0
data/spec/fixtures/stca_ocsp_response.der +0 -0
data/spec/fixtures/test1.csr +0 -0
data/spec/fixtures/test_ca.cer +0 -0
data/spec/fixtures/test_ca.key +0 -0
data/spec/fixtures/test_ca.p12 +0 -0
data/spec/fixtures/test_ca_des3.key +0 -0
data/spec/fixtures/test_ca_ec.cer +14 -0
data/spec/fixtures/test_ca_ec.key +6 -0
data/spec/fixtures/test_ca_ec_ee.cer +22 -0
data/spec/fixtures/test_ca_ec_ee.key +6 -0
data/spec/fixtures/test_ca_ocsp.cer +0 -0
data/spec/fixtures/test_ca_ocsp.key +0 -0
data/spec/fixtures/test_ca_ocsp.p12 +0 -0
data/spec/fixtures/test_ca_ocsp_chain.txt +0 -0
data/spec/fixtures/test_ca_ocsp_response.der +0 -0
data/spec/fixtures/test_ca_subroot.cer +0 -0
data/spec/fixtures/test_ca_subroot.key +0 -0
data/spec/fixtures/test_ca_subroot_ocsp.cer +0 -0
data/spec/fixtures/test_ca_subroot_ocsp.key +0 -0
data/spec/fixtures/test_ca_subroot_ocsp_response.der +0 -0
data/spec/fixtures/unknown_oid.csr +0 -0
data/spec/message_digest_spec.rb +104 -84
data/spec/ocsp_spec.rb +105 -105
data/spec/oid_mapper_spec.rb +21 -21
data/spec/private_key_spec.rb +275 -0
data/spec/r509_spec.rb +35 -0
data/spec/spec_helper.rb +15 -6
data/spec/spki_spec.rb +221 -142
data/spec/subject_spec.rb +232 -164
data/spec/validity_spec.rb +91 -91
metadata +79 -25
data/doc/R509/Config/CaProfile.html +0 -651
data/doc/R509/Crl/Administrator.html +0 -2073
data/lib/r509/certificateauthority.rb +0 -290
data/lib/r509/messagedigest.rb +0 -49
data/lib/r509/oidmapper.rb +0 -32
data/lib/r509/privatekey.rb +0 -185
data/spec/privatekey_spec.rb +0 -198

data/doc/R509/Cert.html CHANGED Viewed

@@ -6,7 +6,7 @@
 <title>
   Class: R509::Cert
-    &mdash; Documentation by YARD 0.8.2.1
+    &mdash; Documentation by YARD 0.8.5
 </title>
@@ -159,6 +159,35 @@
 <p>Returns the value of attribute cert.</p>
 </div></span>
+</li>
+      <li class="public ">
+  <span class="summary_signature">
+      <a href="#issuer-instance_method" title="#issuer (instance method)">- (Object) <strong>issuer</strong> </a>
+  </span>
+      <span class="note title readonly">readonly</span>
+    <span class="summary_desc"><div class='inline'>
+<p>Returns the value of attribute issuer.</p>
+</div></span>
 </li>
@@ -188,6 +217,35 @@
 <p>Returns the value of attribute key.</p>
 </div></span>
+</li>
+      <li class="public ">
+  <span class="summary_signature">
+      <a href="#subject-instance_method" title="#subject (instance method)">- (Object) <strong>subject</strong> </a>
+  </span>
+      <span class="note title readonly">readonly</span>
+    <span class="summary_desc"><div class='inline'>
+<p>Returns the value of attribute subject.</p>
+</div></span>
 </li>
@@ -240,10 +298,36 @@
         <li class="public ">
   <span class="summary_signature">
+      <a href="#all_names-instance_method" title="#all_names (instance method)">- (Array) <strong>all_names</strong> </a>
+  </span>
+    <span class="summary_desc"><div class='inline'>
+<p>Return the CN, as well as all the subject alternative names (SANs).</p>
+</div></span>
+</li>
+        <li class="public ">
+  <span class="summary_signature">
       <a href="#authority_info_access-instance_method" title="#authority_info_access (instance method)">- (R509::Cert::Extensions::AuthorityInfoAccess) <strong>authority_info_access</strong> </a>
+      (also: #aia)
   </span>
@@ -337,7 +421,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#crl_distribution_points-instance_method" title="#crl_distribution_points (instance method)">- (R509::Cert::Extensions::CrlDistributionPoints) <strong>crl_distribution_points</strong> </a>
+      <a href="#certificate_policies-instance_method" title="#certificate_policies (instance method)">- (R509::Cert::Extensions::CertificatePolicies) <strong>certificate_policies</strong> </a>
@@ -352,7 +436,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns this object's CrlDistributionPoints extension as an R509 extension.</p>
+<p>Returns this object's CertificatePolicies extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -361,10 +445,12 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#dsa%3F-instance_method" title="#dsa? (instance method)">- (Boolean) <strong>dsa?</strong> </a>
+      <a href="#crl_distribution_points-instance_method" title="#crl_distribution_points (instance method)">- (R509::Cert::Extensions::CRLDistributionPoints) <strong>crl_distribution_points</strong> </a>
+      (also: #cdp)
   </span>
@@ -376,7 +462,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns whether the public key is DSA.</p>
+<p>Returns this object's CRLDistributionPoints extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -385,7 +471,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#extended_key_usage-instance_method" title="#extended_key_usage (instance method)">- (R509::Cert::Extensions::ExtendedKeyUsage) <strong>extended_key_usage</strong> </a>
+      <a href="#curve_name-instance_method" title="#curve_name (instance method)">- (String) <strong>curve_name</strong> </a>
@@ -400,7 +486,8 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns this object's ExtendedKeyUsage extension as an R509 extension.</p>
+<p>Returns the short name of the elliptic curve used to generate the public
+key if the key is EC.</p>
 </div></span>
 </li>
@@ -409,7 +496,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#extensions-instance_method" title="#extensions (instance method)">- (Array) <strong>extensions</strong> </a>
+      <a href="#dsa%3F-instance_method" title="#dsa? (instance method)">- (Boolean) <strong>dsa?</strong> </a>
@@ -424,7 +511,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Return the certificate extensions.</p>
+<p>Returns whether the public key is DSA.</p>
 </div></span>
 </li>
@@ -433,7 +520,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#fingerprint-instance_method" title="#fingerprint (instance method)">- (String) <strong>fingerprint</strong>(algorithm = 'sha1') </a>
+      <a href="#ec%3F-instance_method" title="#ec? (instance method)">- (Boolean) <strong>ec?</strong> </a>
@@ -448,8 +535,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the certificate fingerprint with the specified algorithm (default
-sha1).</p>
+<p>Returns whether the public key is EC.</p>
 </div></span>
 </li>
@@ -458,10 +544,12 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#has_private_key%3F-instance_method" title="#has_private_key? (instance method)">- (Boolean) <strong>has_private_key?</strong> </a>
+      <a href="#extended_key_usage-instance_method" title="#extended_key_usage (instance method)">- (R509::Cert::Extensions::ExtendedKeyUsage) <strong>extended_key_usage</strong> </a>
+      (also: #eku)
   </span>
@@ -473,7 +561,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Boolean of whether the object contains a private key.</p>
+<p>Returns this object's ExtendedKeyUsage extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -482,15 +570,13 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#initialize-instance_method" title="#initialize (instance method)">- (Cert) <strong>initialize</strong>(opts = {}) </a>
+      <a href="#extensions-instance_method" title="#extensions (instance method)">- (Hash) <strong>extensions</strong> </a>
   </span>
-    <span class="note title constructor">constructor</span>
@@ -499,7 +585,8 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>A new instance of Cert.</p>
+<p>Returns the certificate extensions as a hash of R509::Cert::Extensions
+specific objects.</p>
 </div></span>
 </li>
@@ -508,7 +595,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#is_revoked_by_crl%3F-instance_method" title="#is_revoked_by_crl? (instance method)">- (Boolean) <strong>is_revoked_by_crl?</strong>(r509_crl) </a>
+      <a href="#fingerprint-instance_method" title="#fingerprint (instance method)">- (String) <strong>fingerprint</strong>(algorithm = 'sha1') </a>
@@ -523,7 +610,8 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Checks the given CRL for this certificate's serial number.</p>
+<p>Returns the certificate fingerprint with the specified algorithm (default
+sha1).</p>
 </div></span>
 </li>
@@ -532,7 +620,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#issuer-instance_method" title="#issuer (instance method)">- (OpenSSL::X509::Name) <strong>issuer</strong> </a>
+      <a href="#has_private_key%3F-instance_method" title="#has_private_key? (instance method)">- (Boolean) <strong>has_private_key?</strong> </a>
@@ -547,7 +635,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the issuer.</p>
+<p>Boolean of whether the object contains a private key.</p>
 </div></span>
 </li>
@@ -556,7 +644,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#issuer_cn-instance_method" title="#issuer_cn (instance method)">- (String) <strong>issuer_cn</strong> </a>
+      <a href="#hexserial-instance_method" title="#hexserial (instance method)">- (String) <strong>hexserial</strong> </a>
@@ -571,7 +659,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>The common name (CN) component of the issuer.</p>
+<p>Returns the serial number of the certificate in hexadecimal form.</p>
 </div></span>
 </li>
@@ -580,7 +668,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#key_algorithm-instance_method" title="#key_algorithm (instance method)">- (String) <strong>key_algorithm</strong> </a>
+      <a href="#inhibit_any_policy-instance_method" title="#inhibit_any_policy (instance method)">- (R509::Cert::Extensions::InhibitAnyPolicy) <strong>inhibit_any_policy</strong> </a>
@@ -595,7 +683,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns key algorithm (RSA or DSA).</p>
+<p>Returns this object's InhibitAnyPolicy extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -604,13 +692,15 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#key_usage-instance_method" title="#key_usage (instance method)">- (R509::Cert::Extensions::KeyUsage) <strong>key_usage</strong> </a>
+      <a href="#initialize-instance_method" title="#initialize (instance method)">- (Cert) <strong>initialize</strong>(opts = {}) </a>
   </span>
+    <span class="note title constructor">constructor</span>
@@ -619,7 +709,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns this object's KeyUsage extension as an R509 extension.</p>
+<p>A new instance of Cert.</p>
 </div></span>
 </li>
@@ -628,7 +718,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#not_after-instance_method" title="#not_after (instance method)">- (Time) <strong>not_after</strong> </a>
+      <a href="#is_revoked_by_crl%3F-instance_method" title="#is_revoked_by_crl? (instance method)">- (Boolean) <strong>is_revoked_by_crl?</strong>(r509_crl) </a>
@@ -643,7 +733,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns ending (notAfter) of certificate validity period.</p>
+<p>Checks the given CRL for this certificate's serial number.</p>
 </div></span>
 </li>
@@ -652,7 +742,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#not_before-instance_method" title="#not_before (instance method)">- (Time) <strong>not_before</strong> </a>
+      <a href="#key_algorithm-instance_method" title="#key_algorithm (instance method)">- (Symbol) <strong>key_algorithm</strong> </a>
@@ -667,7 +757,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns beginning (notBefore) of certificate validity period.</p>
+<p>Returns key algorithm (RSA, DSA, EC).</p>
 </div></span>
 </li>
@@ -676,10 +766,12 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#public_key-instance_method" title="#public_key (instance method)">- (OpenSSL::PKey::RSA) <strong>public_key</strong> </a>
+      <a href="#key_usage-instance_method" title="#key_usage (instance method)">- (R509::Cert::Extensions::KeyUsage) <strong>key_usage</strong> </a>
+      (also: #ku)
   </span>
@@ -691,7 +783,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the certificate public key.</p>
+<p>Returns this object's KeyUsage extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -700,7 +792,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#r509_extensions-instance_method" title="#r509_extensions (instance method)">- (Hash) <strong>r509_extensions</strong> </a>
+      <a href="#name_constraints-instance_method" title="#name_constraints (instance method)">- (R509::Cert::Extensions::NameConstraints) <strong>name_constraints</strong> </a>
@@ -715,8 +807,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the certificate extensions as a hash of R509::Cert::Extensions
-specific objects.</p>
+<p>Returns this object's NameConstraints extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -725,7 +816,7 @@ specific objects.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#rsa%3F-instance_method" title="#rsa? (instance method)">- (Boolean) <strong>rsa?</strong> </a>
+      <a href="#not_after-instance_method" title="#not_after (instance method)">- (Time) <strong>not_after</strong> </a>
@@ -740,7 +831,7 @@ specific objects.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns whether the public key is RSA.</p>
+<p>Returns ending (notAfter) of certificate validity period.</p>
 </div></span>
 </li>
@@ -749,7 +840,7 @@ specific objects.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#san_names-instance_method" title="#san_names (instance method)">- (Array) <strong>san_names</strong> </a>
+      <a href="#not_before-instance_method" title="#not_before (instance method)">- (Time) <strong>not_before</strong> </a>
@@ -764,7 +855,7 @@ specific objects.</p>
     <span class="summary_desc"><div class='inline'>
-<p>List of SAN DNS names.</p>
+<p>Returns beginning (notBefore) of certificate validity period.</p>
 </div></span>
 </li>
@@ -773,7 +864,7 @@ specific objects.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#serial-instance_method" title="#serial (instance method)">- (Integer) <strong>serial</strong> </a>
+      <a href="#ocsp_no_check%3F-instance_method" title="#ocsp_no_check? (instance method)">- (Boolean) <strong>ocsp_no_check?</strong> </a>
@@ -788,7 +879,8 @@ specific objects.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the serial number of the certificate in decimal form.</p>
+<p>Returns true if the OCSP No Check extension is present (value is irrelevant
+to this extension).</p>
 </div></span>
 </li>
@@ -797,7 +889,7 @@ specific objects.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#signature_algorithm-instance_method" title="#signature_algorithm (instance method)">- (String) <strong>signature_algorithm</strong> </a>
+      <a href="#policy_constraints-instance_method" title="#policy_constraints (instance method)">- (R509::Cert::Extensions::PolicyConstraints) <strong>policy_constraints</strong> </a>
@@ -812,7 +904,7 @@ specific objects.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns signature algorithm.</p>
+<p>Returns this object's PolicyConstraints extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -821,7 +913,7 @@ specific objects.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#subject-instance_method" title="#subject (instance method)">- (OpenSSL::X509::Name) <strong>subject</strong> </a>
+      <a href="#public_key-instance_method" title="#public_key (instance method)">- (OpenSSL::PKey::RSA) <strong>public_key</strong> </a>
@@ -836,7 +928,7 @@ specific objects.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the subject.</p>
+<p>Returns the certificate public key.</p>
 </div></span>
 </li>
@@ -845,7 +937,7 @@ specific objects.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#subject_alternative_name-instance_method" title="#subject_alternative_name (instance method)">- (R509::Cert::Extensions::SubjectAlternativeName) <strong>subject_alternative_name</strong> </a>
+      <a href="#rsa%3F-instance_method" title="#rsa? (instance method)">- (Boolean) <strong>rsa?</strong> </a>
@@ -860,8 +952,7 @@ specific objects.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns this object's SubjectAlternativeName extension as an R509
-extension.</p>
+<p>Returns whether the public key is RSA.</p>
 </div></span>
 </li>
@@ -870,7 +961,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#subject_cn-instance_method" title="#subject_cn (instance method)">- (String) <strong>subject_cn</strong> </a>
+      <a href="#serial-instance_method" title="#serial (instance method)">- (Integer) <strong>serial</strong> </a>
@@ -885,7 +976,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the CN component, if any, of the subject.</p>
+<p>Returns the serial number of the certificate in decimal form.</p>
 </div></span>
 </li>
@@ -894,7 +985,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#subject_component-instance_method" title="#subject_component (instance method)">- (String) <strong>subject_component</strong>(short_name) </a>
+      <a href="#signature_algorithm-instance_method" title="#signature_algorithm (instance method)">- (String) <strong>signature_algorithm</strong> </a>
@@ -909,7 +1000,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns subject component.</p>
+<p>Returns signature algorithm.</p>
 </div></span>
 </li>
@@ -918,10 +1009,12 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#subject_key_identifier-instance_method" title="#subject_key_identifier (instance method)">- (R509::Cert::Extensions::SubjectKeyIdentifier) <strong>subject_key_identifier</strong> </a>
+      <a href="#subject_alternative_name-instance_method" title="#subject_alternative_name (instance method)">- (R509::Cert::Extensions::SubjectAlternativeName) <strong>subject_alternative_name</strong> </a>
+      (also: #san, #subject_alt_name)
   </span>
@@ -933,7 +1026,8 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns this object's SubjectKeyIdentifier extension as an R509 extension.</p>
+<p>Returns this object's SubjectAlternativeName extension as an R509
+extension.</p>
 </div></span>
 </li>
@@ -942,7 +1036,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#subject_names-instance_method" title="#subject_names (instance method)">- (Array) <strong>subject_names</strong> </a>
+      <a href="#subject_key_identifier-instance_method" title="#subject_key_identifier (instance method)">- (R509::Cert::Extensions::SubjectKeyIdentifier) <strong>subject_key_identifier</strong> </a>
@@ -957,7 +1051,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Return the CN, as well as all the subject alternative names (SANs).</p>
+<p>Returns this object's SubjectKeyIdentifier extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -1314,44 +1408,36 @@ support)</p>
 39
 40
 41
-42
-43
-44
-45
-46</pre>
+42</pre>
     </td>
     <td>
       <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 17</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
-    <span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>Hash</span><span class='rparen'>)</span>
-        <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Must provide a hash of options</span><span class='tstring_end'>'</span></span>
-    <span class='kw'>end</span>
-    <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:pkcs12</span><span class='rparen'>)</span> <span class='kw'>and</span> <span class='lparen'>(</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:key</span><span class='rparen'>)</span> <span class='kw'>or</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:cert</span><span class='rparen'>)</span> <span class='rparen'>)</span>
-        <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>When providing pkcs12, do not pass cert or key</span><span class='tstring_end'>&quot;</span></span>
-    <span class='kw'>elsif</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:pkcs12</span><span class='rparen'>)</span>
-        <span class='id identifier rubyid_pkcs12'>pkcs12</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKCS12</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:pkcs12</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:password</span><span class='rbracket'>]</span> <span class='rparen'>)</span>
-        <span class='id identifier rubyid_parse_certificate'>parse_certificate</span><span class='lparen'>(</span><span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_certificate'>certificate</span><span class='rparen'>)</span>
-        <span class='ivar'>@key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span> <span class='symbol'>:key</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span> <span class='rparen'>)</span>
-    <span class='kw'>elsif</span> <span class='kw'>not</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:cert</span><span class='rparen'>)</span>
-        <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Must provide :cert or :pkcs12</span><span class='tstring_end'>'</span></span>
+  <span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>Hash</span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Must provide a hash of options</span><span class='tstring_end'>'</span></span>
+  <span class='kw'>end</span>
+  <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:pkcs12</span><span class='rparen'>)</span> <span class='kw'>and</span> <span class='lparen'>(</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:key</span><span class='rparen'>)</span> <span class='kw'>or</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:cert</span><span class='rparen'>)</span> <span class='rparen'>)</span>
+    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>When providing pkcs12, do not pass cert or key</span><span class='tstring_end'>&quot;</span></span>
+  <span class='kw'>elsif</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:pkcs12</span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_pkcs12'>pkcs12</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKCS12</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:pkcs12</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:password</span><span class='rbracket'>]</span> <span class='rparen'>)</span>
+    <span class='id identifier rubyid_parse_certificate'>parse_certificate</span><span class='lparen'>(</span><span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_certificate'>certificate</span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span> <span class='symbol'>:key</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span> <span class='rparen'>)</span>
+  <span class='kw'>elsif</span> <span class='kw'>not</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:cert</span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Must provide :cert or :pkcs12</span><span class='tstring_end'>'</span></span>
+  <span class='kw'>else</span>
+    <span class='id identifier rubyid_csr_check'>csr_check</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:cert</span><span class='rbracket'>]</span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_parse_certificate'>parse_certificate</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:cert</span><span class='rbracket'>]</span><span class='rparen'>)</span>
+  <span class='kw'>end</span>
+  <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:key</span><span class='rparen'>)</span>
+    <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:key</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='rparen'>)</span>
+      <span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:key</span><span class='rbracket'>]</span>
     <span class='kw'>else</span>
-        <span class='id identifier rubyid_csr_check'>csr_check</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:cert</span><span class='rbracket'>]</span><span class='rparen'>)</span>
-        <span class='id identifier rubyid_parse_certificate'>parse_certificate</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:cert</span><span class='rbracket'>]</span><span class='rparen'>)</span>
-    <span class='kw'>end</span>
-    <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:key</span><span class='rparen'>)</span>
-        <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:key</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='rparen'>)</span>
-            <span class='ivar'>@key</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:key</span><span class='rbracket'>]</span>
-        <span class='kw'>else</span>
-            <span class='ivar'>@key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span> <span class='symbol'>:key</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:key</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='symbol'>:password</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:password</span><span class='rbracket'>]</span> <span class='rparen'>)</span>
-        <span class='kw'>end</span>
-    <span class='kw'>end</span>
-    <span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-        <span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span> <span class='op'>==</span> <span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span> <span class='kw'>then</span>
-            <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Key does not match cert.</span><span class='tstring_end'>'</span></span>
-        <span class='kw'>end</span>
+      <span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span> <span class='symbol'>:key</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:key</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='symbol'>:password</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:password</span><span class='rbracket'>]</span> <span class='rparen'>)</span>
     <span class='kw'>end</span>
+  <span class='kw'>end</span>
+  <span class='id identifier rubyid_associate_private_key'>associate_private_key</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1407,6 +1493,49 @@ support)</p>
 </div>
+      <span id=""></span>
+      <div class="method_details ">
+  <h3 class="signature " id="issuer-instance_method">
+    - (<tt>Object</tt>) <strong>issuer</strong>  <span class="extras">(readonly)</span>
+</h3><div class="docstring">
+  <div class="discussion">
+<p>Returns the value of attribute issuer</p>
+  </div>
+</div>
+<div class="tags">
+</div><table class="source_code">
+  <tr>
+    <td>
+      <pre class="lines">
+11
+12
+13</pre>
+    </td>
+    <td>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 11</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_issuer'>issuer</span>
+  <span class='ivar'>@issuer</span>
+<span class='kw'>end</span></pre>
+    </td>
+  </tr>
+</table>
+</div>
       <span id=""></span>
       <div class="method_details ">
   <h3 class="signature " id="key-instance_method">
@@ -1449,6 +1578,49 @@ support)</p>
 </table>
 </div>
+      <span id=""></span>
+      <div class="method_details ">
+  <h3 class="signature " id="subject-instance_method">
+    - (<tt>Object</tt>) <strong>subject</strong>  <span class="extras">(readonly)</span>
+</h3><div class="docstring">
+  <div class="discussion">
+<p>Returns the value of attribute subject</p>
+  </div>
+</div>
+<div class="tags">
+</div><table class="source_code">
+  <tr>
+    <td>
+      <pre class="lines">
+11
+12
+13</pre>
+    </td>
+    <td>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 11</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_subject'>subject</span>
+  <span class='ivar'>@subject</span>
+<span class='kw'>end</span></pre>
+    </td>
+  </tr>
+</table>
+</div>
   </div>
@@ -1520,15 +1692,15 @@ support)</p>
       <pre class="lines">
-52
-53
-54</pre>
+48
+49
+50</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 52</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 48</span>
 <span class='kw'>def</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_load_from_file'>load_from_file</span><span class='lparen'>(</span> <span class='id identifier rubyid_filename'>filename</span> <span class='rparen'>)</span>
-    <span class='kw'>return</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:cert</span> <span class='op'>=&gt;</span> <span class='const'>IOHelpers</span><span class='period'>.</span><span class='id identifier rubyid_read_data'>read_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename'>filename</span><span class='rparen'>)</span> <span class='rparen'>)</span>
+  <span class='kw'>return</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:cert</span> <span class='op'>=&gt;</span> <span class='const'>IOHelpers</span><span class='period'>.</span><span class='id identifier rubyid_read_data'>read_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename'>filename</span><span class='rparen'>)</span> <span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1542,9 +1714,9 @@ support)</p>
       <div class="method_details first">
-  <h3 class="signature first" id="authority_info_access-instance_method">
+  <h3 class="signature first" id="all_names-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/AuthorityInfoAccess.html" title="R509::Cert::Extensions::AuthorityInfoAccess (class)">R509::Cert::Extensions::AuthorityInfoAccess</a></span></tt>) <strong>authority_info_access</strong>
+    - (<tt>Array</tt>) <strong>all_names</strong>
@@ -1553,7 +1725,7 @@ support)</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's AuthorityInfoAccess extension as an R509 extension</p>
+<p>Return the CN, as well as all the subject alternative names (SANs).</p>
   </div>
@@ -1566,14 +1738,14 @@ support)</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/AuthorityInfoAccess.html" title="R509::Cert::Extensions::AuthorityInfoAccess (class)">R509::Cert::Extensions::AuthorityInfoAccess</a></span></tt>)</span>
+        <span class='type'>(<tt>Array</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a AuthorityInfoAccess
-extension.</p>
+<p>the array of names. Returns an empty array if there are no names, at all.
+Discards SAN types</p>
 </div>
     </li>
@@ -1586,15 +1758,23 @@ extension.</p>
       <pre class="lines">
-385
-386
-387</pre>
+156
+157
+158
+159
+160
+161
+162</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 385</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 156</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_authority_info_access'>authority_info_access</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>AuthorityInfoAccess</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_all_names'>all_names</span>
+  <span class='id identifier rubyid_ret'>ret</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
+  <span class='id identifier rubyid_ret'>ret</span> <span class='op'>&lt;&lt;</span> <span class='ivar'>@subject</span><span class='period'>.</span><span class='const'>CN</span> <span class='kw'>unless</span> <span class='ivar'>@subject</span><span class='period'>.</span><span class='const'>CN</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
+  <span class='id identifier rubyid_ret'>ret</span><span class='period'>.</span><span class='id identifier rubyid_concat'>concat</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_san'>san</span><span class='period'>.</span><span class='id identifier rubyid_names'>names</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_n'>n</span><span class='op'>|</span> <span class='id identifier rubyid_n'>n</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span> <span class='rbrace'>}</span> <span class='rparen'>)</span> <span class='kw'>unless</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_san'>san</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_ret'>ret</span><span class='period'>.</span><span class='id identifier rubyid_sort'>sort</span><span class='period'>.</span><span class='id identifier rubyid_uniq'>uniq</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1602,18 +1782,24 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="authority_key_identifier-instance_method">
+  <h3 class="signature " id="authority_info_access-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/AuthorityKeyIdentifier.html" title="R509::Cert::Extensions::AuthorityKeyIdentifier (class)">R509::Cert::Extensions::AuthorityKeyIdentifier</a></span></tt>) <strong>authority_key_identifier</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/AuthorityInfoAccess.html" title="R509::Cert::Extensions::AuthorityInfoAccess (class)">R509::Cert::Extensions::AuthorityInfoAccess</a></span></tt>) <strong>authority_info_access</strong>
+    <span class="aliases">Also known as:
+    <span class="names"><span id='aia-instance_method'>aia</span></span>
+    </span>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's AuthorityKeyIdentifier extension as an R509 extension</p>
+<p>Returns this object's AuthorityInfoAccess extension as an R509 extension</p>
+<p>if this cert does not have a AuthorityInfoAccess extension.</p>
   </div>
@@ -1626,14 +1812,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/AuthorityKeyIdentifier.html" title="R509::Cert::Extensions::AuthorityKeyIdentifier (class)">R509::Cert::Extensions::AuthorityKeyIdentifier</a></span></tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/AuthorityInfoAccess.html" title="R509::Cert::Extensions::AuthorityInfoAccess (class)">R509::Cert::Extensions::AuthorityInfoAccess</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a AuthorityKeyIdentifier
-extension.</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -1646,15 +1831,15 @@ extension.</p>
       <pre class="lines">
-369
-370
-371</pre>
+349
+350
+351</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 369</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 349</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_authority_key_identifier'>authority_key_identifier</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>AuthorityKeyIdentifier</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_authority_info_access'>authority_info_access</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>AuthorityInfoAccess</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1662,9 +1847,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="basic_constraints-instance_method">
+  <h3 class="signature " id="authority_key_identifier-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/BasicConstraints.html" title="R509::Cert::Extensions::BasicConstraints (class)">R509::Cert::Extensions::BasicConstraints</a></span></tt>) <strong>basic_constraints</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/AuthorityKeyIdentifier.html" title="R509::Cert::Extensions::AuthorityKeyIdentifier (class)">R509::Cert::Extensions::AuthorityKeyIdentifier</a></span></tt>) <strong>authority_key_identifier</strong>
@@ -1673,7 +1858,9 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's BasicConstraints extension as an R509 extension</p>
+<p>Returns this object's AuthorityKeyIdentifier extension as an R509 extension</p>
+<p>if this cert does not have a AuthorityKeyIdentifier extension.</p>
   </div>
@@ -1686,13 +1873,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/BasicConstraints.html" title="R509::Cert::Extensions::BasicConstraints (class)">R509::Cert::Extensions::BasicConstraints</a></span></tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/AuthorityKeyIdentifier.html" title="R509::Cert::Extensions::AuthorityKeyIdentifier (class)">R509::Cert::Extensions::AuthorityKeyIdentifier</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a BasicConstraints extension.</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -1705,15 +1892,15 @@ extension.</p>
       <pre class="lines">
-337
-338
-339</pre>
+331
+332
+333</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 337</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 331</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_basic_constraints'>basic_constraints</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>BasicConstraints</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_authority_key_identifier'>authority_key_identifier</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>AuthorityKeyIdentifier</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1721,9 +1908,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="bit_strength-instance_method">
+  <h3 class="signature " id="basic_constraints-instance_method">
-    - (<tt>Integer</tt>) <strong>bit_strength</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/BasicConstraints.html" title="R509::Cert::Extensions::BasicConstraints (class)">R509::Cert::Extensions::BasicConstraints</a></span></tt>) <strong>basic_constraints</strong>
@@ -1732,7 +1919,9 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the bit strength of the key used to create the certificate</p>
+<p>Returns this object's BasicConstraints extension as an R509 extension</p>
+<p>if this cert does not have a BasicConstraints extension.</p>
   </div>
@@ -1745,13 +1934,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt>Integer</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/BasicConstraints.html" title="R509::Cert::Extensions::BasicConstraints (class)">R509::Cert::Extensions::BasicConstraints</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>integer value of bit strength</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -1764,23 +1953,15 @@ extension.</p>
       <pre class="lines">
-230
-231
-232
-233
-234
-235
-236</pre>
+297
+298
+299</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 230</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 297</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_bit_strength'>bit_strength</span>
-    <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rsa?'>rsa?</span>
-        <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_n'>n</span><span class='period'>.</span><span class='id identifier rubyid_num_bits'>num_bits</span>
-    <span class='kw'>elsif</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_dsa?'>dsa?</span>
-        <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_p'>p</span><span class='period'>.</span><span class='id identifier rubyid_num_bits'>num_bits</span>
-    <span class='kw'>end</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_basic_constraints'>basic_constraints</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>BasicConstraints</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1788,9 +1969,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="crl_distribution_points-instance_method">
+  <h3 class="signature " id="bit_strength-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/CrlDistributionPoints.html" title="R509::Cert::Extensions::CrlDistributionPoints (class)">R509::Cert::Extensions::CrlDistributionPoints</a></span></tt>) <strong>crl_distribution_points</strong>
+    - (<tt>Integer</tt>) <strong>bit_strength</strong>
@@ -1799,7 +1980,7 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's CrlDistributionPoints extension as an R509 extension</p>
+<p>Returns the bit strength of the key used to create the certificate</p>
   </div>
@@ -1812,14 +1993,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/CrlDistributionPoints.html" title="R509::Cert::Extensions::CrlDistributionPoints (class)">R509::Cert::Extensions::CrlDistributionPoints</a></span></tt>)</span>
+        <span class='type'>(<tt>Integer</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a CrlDistributionPoints
-extension.</p>
+<p>integer value of bit strength</p>
 </div>
     </li>
@@ -1832,15 +2012,27 @@ extension.</p>
       <pre class="lines">
-393
-394
-395</pre>
+188
+189
+190
+191
+192
+193
+194
+195
+196</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 393</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 188</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_crl_distribution_points'>crl_distribution_points</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>CrlDistributionPoints</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_bit_strength'>bit_strength</span>
+  <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rsa?'>rsa?</span>
+    <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_n'>n</span><span class='period'>.</span><span class='id identifier rubyid_num_bits'>num_bits</span>
+  <span class='kw'>elsif</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_dsa?'>dsa?</span>
+    <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_p'>p</span><span class='period'>.</span><span class='id identifier rubyid_num_bits'>num_bits</span>
+  <span class='kw'>elsif</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_ec?'>ec?</span>
+    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Bit strength is not available for EC at this time.</span><span class='tstring_end'>'</span></span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1848,9 +2040,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="dsa?-instance_method">
+  <h3 class="signature " id="certificate_policies-instance_method">
-    - (<tt>Boolean</tt>) <strong>dsa?</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/CertificatePolicies.html" title="R509::Cert::Extensions::CertificatePolicies (class)">R509::Cert::Extensions::CertificatePolicies</a></span></tt>) <strong>certificate_policies</strong>
@@ -1859,7 +2051,9 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns whether the public key is DSA</p>
+<p>Returns this object's CertificatePolicies extension as an R509 extension</p>
+<p>if this cert does not have a CertificatePolicies extension.</p>
   </div>
@@ -1872,13 +2066,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt>Boolean</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/CertificatePolicies.html" title="R509::Cert::Extensions::CertificatePolicies (class)">R509::Cert::Extensions::CertificatePolicies</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>true if the public key is DSA, false otherwise</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -1891,15 +2085,15 @@ extension.</p>
       <pre class="lines">
-223
-224
-225</pre>
+375
+376
+377</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 223</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 375</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_dsa?'>dsa?</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>DSA</span><span class='rparen'>)</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_certificate_policies'>certificate_policies</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>CertificatePolicies</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1907,18 +2101,24 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="extended_key_usage-instance_method">
+  <h3 class="signature " id="crl_distribution_points-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/ExtendedKeyUsage.html" title="R509::Cert::Extensions::ExtendedKeyUsage (class)">R509::Cert::Extensions::ExtendedKeyUsage</a></span></tt>) <strong>extended_key_usage</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/CRLDistributionPoints.html" title="R509::Cert::Extensions::CRLDistributionPoints (class)">R509::Cert::Extensions::CRLDistributionPoints</a></span></tt>) <strong>crl_distribution_points</strong>
+    <span class="aliases">Also known as:
+    <span class="names"><span id='cdp-instance_method'>cdp</span></span>
+    </span>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's ExtendedKeyUsage extension as an R509 extension</p>
+<p>Returns this object's CRLDistributionPoints extension as an R509 extension</p>
+<p>if this cert does not have a CRLDistributionPoints extension.</p>
   </div>
@@ -1931,13 +2131,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/ExtendedKeyUsage.html" title="R509::Cert::Extensions::ExtendedKeyUsage (class)">R509::Cert::Extensions::ExtendedKeyUsage</a></span></tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/CRLDistributionPoints.html" title="R509::Cert::Extensions::CRLDistributionPoints (class)">R509::Cert::Extensions::CRLDistributionPoints</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a ExtendedKeyUsage extension.</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -1950,15 +2150,15 @@ extension.</p>
       <pre class="lines">
-353
-354
-355</pre>
+358
+359
+360</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 353</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 358</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_extended_key_usage'>extended_key_usage</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>ExtendedKeyUsage</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_crl_distribution_points'>crl_distribution_points</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>CRLDistributionPoints</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1966,9 +2166,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="extensions-instance_method">
+  <h3 class="signature " id="curve_name-instance_method">
-    - (<tt>Array</tt>) <strong>extensions</strong>
+    - (<tt>String</tt>) <strong>curve_name</strong>
@@ -1977,7 +2177,8 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Return the certificate extensions</p>
+<p>Returns the short name of the elliptic curve used to generate the public
+key if the key is EC. If not, raises an error.</p>
   </div>
@@ -1990,13 +2191,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt>Array</tt>)</span>
+        <span class='type'>(<tt>String</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>an array of hashes representing the extensions in the cert</p>
+<p>elliptic curve name</p>
 </div>
     </li>
@@ -2009,29 +2210,23 @@ extension.</p>
       <pre class="lines">
-295
-296
-297
-298
-299
-300
-301
-302
-303
-304</pre>
+202
+203
+204
+205
+206
+207
+208</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 295</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_extensions'>extensions</span>
-    <span class='kw'>if</span> <span class='ivar'>@extensions</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-        <span class='ivar'>@extensions</span> <span class='op'>=</span> <span class='const'>Hash</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
-        <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_extension'>extension</span><span class='op'>|</span>
-            <span class='id identifier rubyid_hash'>hash</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>value</span><span class='tstring_end'>'</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_extension'>extension</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>critical</span><span class='tstring_end'>'</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_extension'>extension</span><span class='period'>.</span><span class='id identifier rubyid_critical?'>critical?</span><span class='rbrace'>}</span>
-            <span class='ivar'>@extensions</span><span class='lbracket'>[</span><span class='id identifier rubyid_extension'>extension</span><span class='period'>.</span><span class='id identifier rubyid_oid'>oid</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_hash'>hash</span>
-        <span class='rbrace'>}</span>
-    <span class='kw'>end</span>
-    <span class='ivar'>@extensions</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 202</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_curve_name'>curve_name</span>
+  <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_ec?'>ec?</span>
+    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_group'>group</span><span class='period'>.</span><span class='id identifier rubyid_curve_name'>curve_name</span>
+  <span class='kw'>else</span>
+    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Curve name is only available with EC certs</span><span class='tstring_end'>'</span></span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2039,9 +2234,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="fingerprint-instance_method">
+  <h3 class="signature " id="dsa?-instance_method">
-    - (<tt>String</tt>) <strong>fingerprint</strong>(algorithm = 'sha1')
+    - (<tt>Boolean</tt>) <strong>dsa?</strong>
@@ -2050,50 +2245,26 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the certificate fingerprint with the specified algorithm (default
-sha1)</p>
+<p>Returns whether the public key is DSA</p>
   </div>
 </div>
 <div class="tags">
-  <p class="tag_title">Parameters:</p>
-<ul class="param">
-    <li>
-        <span class='name'>algorithm</span>
-        <span class='type'>(<tt>String</tt>)</span>
-        <em class="default">(defaults to: <tt>'sha1'</tt>)</em>
-        &mdash;
-        <div class='inline'>
-<p>Which algorithm to use for the fingerprint. See R509::MessageDigest for
-supported algorithm names</p>
-</div>
-    </li>
-</ul>
 <p class="tag_title">Returns:</p>
 <ul class="return">
     <li>
-        <span class='type'>(<tt>String</tt>)</span>
+        <span class='type'>(<tt>Boolean</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>hex digest of the certificate</p>
+<p>true if the public key is DSA, false otherwise</p>
 </div>
     </li>
@@ -2106,21 +2277,15 @@ supported algorithm names</p>
       <pre class="lines">
-129
-130
-131
-132
-133
-134</pre>
+174
+175
+176</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 129</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 174</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_fingerprint'>fingerprint</span><span class='lparen'>(</span><span class='id identifier rubyid_algorithm'>algorithm</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>sha1</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
-    <span class='id identifier rubyid_message_digest'>message_digest</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_algorithm'>algorithm</span><span class='rparen'>)</span>
-    <span class='id identifier rubyid_md'>md</span> <span class='op'>=</span> <span class='id identifier rubyid_message_digest'>message_digest</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span>
-    <span class='id identifier rubyid_md'>md</span><span class='period'>.</span><span class='id identifier rubyid_update'>update</span><span class='lparen'>(</span><span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span>
-    <span class='id identifier rubyid_md'>md</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_dsa?'>dsa?</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>DSA</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2128,9 +2293,9 @@ supported algorithm names</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="has_private_key?-instance_method">
+  <h3 class="signature " id="ec?-instance_method">
-    - (<tt>Boolean</tt>) <strong>has_private_key?</strong>
+    - (<tt>Boolean</tt>) <strong>ec?</strong>
@@ -2139,7 +2304,7 @@ supported algorithm names</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Boolean of whether the object contains a private key</p>
+<p>Returns whether the public key is EC</p>
   </div>
@@ -2158,7 +2323,7 @@ supported algorithm names</p>
         &mdash;
         <div class='inline'>
-<p>Boolean of whether the object contains a private key</p>
+<p>true if the public key is EC, false otherwise</p>
 </div>
     </li>
@@ -2171,23 +2336,15 @@ supported algorithm names</p>
       <pre class="lines">
-168
-169
-170
-171
-172
-173
-174</pre>
+181
+182
+183</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 168</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 181</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_has_private_key?'>has_private_key?</span>
-    <span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-        <span class='kw'>true</span>
-    <span class='kw'>else</span>
-        <span class='kw'>false</span>
-    <span class='kw'>end</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_ec?'>ec?</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>EC</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2195,55 +2352,108 @@ supported algorithm names</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="is_revoked_by_crl?-instance_method">
+  <h3 class="signature " id="extended_key_usage-instance_method">
-    - (<tt>Boolean</tt>) <strong>is_revoked_by_crl?</strong>(r509_crl)
+    - (<tt><span class='object_link'><a href="Cert/Extensions/ExtendedKeyUsage.html" title="R509::Cert::Extensions::ExtendedKeyUsage (class)">R509::Cert::Extensions::ExtendedKeyUsage</a></span></tt>) <strong>extended_key_usage</strong>
+    <span class="aliases">Also known as:
+    <span class="names"><span id='eku-instance_method'>eku</span></span>
+    </span>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Checks the given CRL for this certificate's serial number. Note that this
-does NOT check to verify that the CRL you're checking is signed by the same
-CA as the cert so do that check yourself</p>
+<p>Returns this object's ExtendedKeyUsage extension as an R509 extension</p>
+<p>if this cert does not have a ExtendedKeyUsage extension.</p>
   </div>
 </div>
 <div class="tags">
-  <p class="tag_title">Parameters:</p>
-<ul class="param">
+<p class="tag_title">Returns:</p>
+<ul class="return">
     <li>
-        <span class='name'>r509_crl</span>
-        <span class='type'>(<tt><span class='object_link'><a href="Crl.html" title="R509::Crl (module)">R509::Crl</a></span></tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/ExtendedKeyUsage.html" title="R509::Cert::Extensions::ExtendedKeyUsage (class)">R509::Cert::Extensions::ExtendedKeyUsage</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>A CRL from the CA that issued this certificate.</p>
+<p>The object, or nil</p>
 </div>
     </li>
 </ul>
+</div><table class="source_code">
+  <tr>
+    <td>
+      <pre class="lines">
+314
+315
+316</pre>
+    </td>
+    <td>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 314</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_extended_key_usage'>extended_key_usage</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>ExtendedKeyUsage</span><span class='rbracket'>]</span>
+<span class='kw'>end</span></pre>
+    </td>
+  </tr>
+</table>
+</div>
+      <div class="method_details ">
+  <h3 class="signature " id="extensions-instance_method">
+    - (<tt>Hash</tt>) <strong>extensions</strong>
+</h3><div class="docstring">
+  <div class="discussion">
+<p>Returns the certificate extensions as a hash of R509::Cert::Extensions
+specific objects.</p>
+<p>R509::Cert::Extensions module, each specific to the extension. The hash is
+keyed with the R509 extension class. Extensions without an R509
+implementation are ignored (see #get_unknown_extensions).</p>
+  </div>
+</div>
+<div class="tags">
 <p class="tag_title">Returns:</p>
 <ul class="return">
     <li>
-        <span class='type'>(<tt>Boolean</tt>)</span>
+        <span class='type'>(<tt>Hash</tt>)</span>
+        &mdash;
+        <div class='inline'>
+<p>A hash, in which the values are classes from the</p>
+</div>
     </li>
@@ -2255,15 +2465,23 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-288
-289
-290</pre>
+273
+274
+275
+276
+277
+278
+279</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 288</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 273</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_is_revoked_by_crl?'>is_revoked_by_crl?</span><span class='lparen'>(</span> <span class='id identifier rubyid_r509_crl'>r509_crl</span> <span class='rparen'>)</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_crl'>r509_crl</span><span class='period'>.</span><span class='id identifier rubyid_revoked?'>revoked?</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_serial'>serial</span> <span class='rparen'>)</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_extensions'>extensions</span>
+  <span class='kw'>if</span> <span class='ivar'>@r509_extensions</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
+    <span class='ivar'>@r509_extensions</span> <span class='op'>=</span> <span class='const'>Extensions</span><span class='period'>.</span><span class='id identifier rubyid_wrap_openssl_extensions'>wrap_openssl_extensions</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span> <span class='rparen'>)</span>
+  <span class='kw'>end</span>
+  <span class='kw'>return</span> <span class='ivar'>@r509_extensions</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2271,9 +2489,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="issuer-instance_method">
+  <h3 class="signature " id="fingerprint-instance_method">
-    - (<tt>OpenSSL::X509::Name</tt>) <strong>issuer</strong>
+    - (<tt>String</tt>) <strong>fingerprint</strong>(algorithm = 'sha1')
@@ -2282,26 +2500,50 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the issuer</p>
+<p>Returns the certificate fingerprint with the specified algorithm (default
+sha1)</p>
   </div>
 </div>
 <div class="tags">
+  <p class="tag_title">Parameters:</p>
+<ul class="param">
+    <li>
+        <span class='name'>algorithm</span>
+        <span class='type'>(<tt>String</tt>)</span>
+        <em class="default">(defaults to: <tt>'sha1'</tt>)</em>
+        &mdash;
+        <div class='inline'>
+<p>Which algorithm to use for the fingerprint. See R509::MessageDigest for
+supported algorithm names</p>
+</div>
+    </li>
+</ul>
 <p class="tag_title">Returns:</p>
 <ul class="return">
     <li>
-        <span class='type'>(<tt>OpenSSL::X509::Name</tt>)</span>
+        <span class='type'>(<tt>String</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>issuer object. Can be parsed as string easily</p>
+<p>hex digest of the certificate</p>
 </div>
     </li>
@@ -2314,15 +2556,21 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-109
-110
-111</pre>
+112
+113
+114
+115
+116
+117</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 109</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 112</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_issuer'>issuer</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_issuer'>issuer</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_fingerprint'>fingerprint</span><span class='lparen'>(</span><span class='id identifier rubyid_algorithm'>algorithm</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>sha1</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_message_digest'>message_digest</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_algorithm'>algorithm</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_md'>md</span> <span class='op'>=</span> <span class='id identifier rubyid_message_digest'>message_digest</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span>
+  <span class='id identifier rubyid_md'>md</span><span class='period'>.</span><span class='id identifier rubyid_update'>update</span><span class='lparen'>(</span><span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_md'>md</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2330,9 +2578,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="issuer_cn-instance_method">
+  <h3 class="signature " id="has_private_key?-instance_method">
-    - (<tt>String</tt>) <strong>issuer_cn</strong>
+    - (<tt>Boolean</tt>) <strong>has_private_key?</strong>
@@ -2341,7 +2589,7 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>The common name (CN) component of the issuer</p>
+<p>Boolean of whether the object contains a private key</p>
   </div>
@@ -2354,13 +2602,13 @@ CA as the cert so do that check yourself</p>
     <li>
-        <span class='type'>(<tt>String</tt>)</span>
+        <span class='type'>(<tt>Boolean</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The common name (CN) component of the issuer</p>
+<p>Boolean of whether the object contains a private key</p>
 </div>
     </li>
@@ -2373,29 +2621,23 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-114
-115
-116
-117
-118
-119
-120
-121
-122
-123</pre>
+144
+145
+146
+147
+148
+149
+150</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 114</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_issuer_cn'>issuer_cn</span>
-    <span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_issuer'>issuer</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-    <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_issuer'>issuer</span><span class='period'>.</span><span class='id identifier rubyid_to_a'>to_a</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_part'>part</span><span class='comma'>,</span> <span class='id identifier rubyid_value'>value</span><span class='comma'>,</span> <span class='id identifier rubyid_length'>length</span><span class='op'>|</span>
-        <span class='kw'>return</span> <span class='id identifier rubyid_value'>value</span> <span class='kw'>if</span> <span class='id identifier rubyid_part'>part</span><span class='period'>.</span><span class='id identifier rubyid_upcase'>upcase</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>CN</span><span class='tstring_end'>'</span></span>
-    <span class='kw'>end</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 144</span>
-    <span class='comment'># return nil if we didn't find a CN part
-</span>    <span class='kw'>return</span> <span class='kw'>nil</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_has_private_key?'>has_private_key?</span>
+  <span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
+    <span class='kw'>true</span>
+  <span class='kw'>else</span>
+    <span class='kw'>false</span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2403,9 +2645,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="key_algorithm-instance_method">
+  <h3 class="signature " id="hexserial-instance_method">
-    - (<tt>String</tt>) <strong>key_algorithm</strong>
+    - (<tt>String</tt>) <strong>hexserial</strong>
@@ -2414,7 +2656,7 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns key algorithm (RSA or DSA)</p>
+<p>Returns the serial number of the certificate in hexadecimal form</p>
   </div>
@@ -2431,11 +2673,6 @@ CA as the cert so do that check yourself</p>
-        &mdash;
-        <div class='inline'>
-<p>value of the key algorithm. RSA or DSA</p>
-</div>
     </li>
 </ul>
@@ -2446,23 +2683,15 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-248
-249
-250
-251
-252
-253
-254</pre>
+90
+91
+92</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 248</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 90</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_key_algorithm'>key_algorithm</span>
-    <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rsa?'>rsa?</span>
-        <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>RSA</span><span class='tstring_end'>&quot;</span></span>
-    <span class='kw'>elsif</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_dsa?'>dsa?</span>
-        <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>DSA</span><span class='tstring_end'>&quot;</span></span>
-    <span class='kw'>end</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_hexserial'>hexserial</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_serial'>serial</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='lparen'>(</span><span class='int'>16</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2470,9 +2699,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="key_usage-instance_method">
+  <h3 class="signature " id="inhibit_any_policy-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/KeyUsage.html" title="R509::Cert::Extensions::KeyUsage (class)">R509::Cert::Extensions::KeyUsage</a></span></tt>) <strong>key_usage</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/InhibitAnyPolicy.html" title="R509::Cert::Extensions::InhibitAnyPolicy (class)">R509::Cert::Extensions::InhibitAnyPolicy</a></span></tt>) <strong>inhibit_any_policy</strong>
@@ -2481,7 +2710,9 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's KeyUsage extension as an R509 extension</p>
+<p>Returns this object's InhibitAnyPolicy extension as an R509 extension</p>
+<p>if this cert does not have a InhibitAnyPolicy extension.</p>
   </div>
@@ -2494,13 +2725,13 @@ CA as the cert so do that check yourself</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/KeyUsage.html" title="R509::Cert::Extensions::KeyUsage (class)">R509::Cert::Extensions::KeyUsage</a></span></tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/InhibitAnyPolicy.html" title="R509::Cert::Extensions::InhibitAnyPolicy (class)">R509::Cert::Extensions::InhibitAnyPolicy</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a KeyUsage extension.</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -2513,15 +2744,15 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-345
-346
-347</pre>
+383
+384
+385</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 345</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 383</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_key_usage'>key_usage</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>KeyUsage</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_inhibit_any_policy'>inhibit_any_policy</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>InhibitAnyPolicy</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2529,9 +2760,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="not_after-instance_method">
+  <h3 class="signature " id="is_revoked_by_crl?-instance_method">
-    - (<tt>Time</tt>) <strong>not_after</strong>
+    - (<tt>Boolean</tt>) <strong>is_revoked_by_crl?</strong>(r509_crl)
@@ -2540,47 +2771,64 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns ending (notAfter) of certificate validity period</p>
+<p>Checks the given CRL for this certificate's serial number. Note that this
+does NOT check to verify that the CRL you're checking is signed by the same
+CA as the cert so do that check yourself</p>
   </div>
 </div>
 <div class="tags">
-<p class="tag_title">Returns:</p>
-<ul class="return">
+  <p class="tag_title">Parameters:</p>
+<ul class="param">
     <li>
+        <span class='name'>r509_crl</span>
-        <span class='type'>(<tt>Time</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="CRL/SignedList.html" title="R509::CRL::SignedList (class)">R509::CRL::SignedList</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>time object</p>
+<p>A CRL from the CA that issued this certificate.</p>
 </div>
     </li>
 </ul>
+<p class="tag_title">Returns:</p>
+<ul class="return">
+    <li>
+        <span class='type'>(<tt>Boolean</tt>)</span>
+    </li>
+</ul>
 </div><table class="source_code">
   <tr>
     <td>
       <pre class="lines">
-95
-96
-97</pre>
+262
+263
+264</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 95</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 262</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_not_after'>not_after</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_not_after'>not_after</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_is_revoked_by_crl?'>is_revoked_by_crl?</span><span class='lparen'>(</span> <span class='id identifier rubyid_r509_crl'>r509_crl</span> <span class='rparen'>)</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_r509_crl'>r509_crl</span><span class='period'>.</span><span class='id identifier rubyid_revoked?'>revoked?</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_serial'>serial</span> <span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2588,9 +2836,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="not_before-instance_method">
+  <h3 class="signature " id="key_algorithm-instance_method">
-    - (<tt>Time</tt>) <strong>not_before</strong>
+    - (<tt>Symbol</tt>) <strong>key_algorithm</strong>
@@ -2599,7 +2847,7 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns beginning (notBefore) of certificate validity period</p>
+<p>Returns key algorithm (RSA, DSA, EC)</p>
   </div>
@@ -2612,13 +2860,13 @@ CA as the cert so do that check yourself</p>
     <li>
-        <span class='type'>(<tt>Time</tt>)</span>
+        <span class='type'>(<tt>Symbol</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>time object</p>
+<p>value of the key algorithm. :rsa, :dsa, :ec</p>
 </div>
     </li>
@@ -2631,15 +2879,27 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-81
-82
-83</pre>
+220
+221
+222
+223
+224
+225
+226
+227
+228</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 81</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 220</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_not_before'>not_before</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_not_before'>not_before</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_key_algorithm'>key_algorithm</span>
+  <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rsa?'>rsa?</span>
+    <span class='symbol'>:rsa</span>
+  <span class='kw'>elsif</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_dsa?'>dsa?</span>
+    <span class='symbol'>:dsa</span>
+  <span class='kw'>elsif</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_ec?'>ec?</span>
+    <span class='symbol'>:ec</span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2647,18 +2907,24 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="public_key-instance_method">
+  <h3 class="signature " id="key_usage-instance_method">
-    - (<tt>OpenSSL::PKey::RSA</tt>) <strong>public_key</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/KeyUsage.html" title="R509::Cert::Extensions::KeyUsage (class)">R509::Cert::Extensions::KeyUsage</a></span></tt>) <strong>key_usage</strong>
+    <span class="aliases">Also known as:
+    <span class="names"><span id='ku-instance_method'>ku</span></span>
+    </span>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the certificate public key</p>
+<p>Returns this object's KeyUsage extension as an R509 extension</p>
+<p>if this cert does not have a KeyUsage extension.</p>
   </div>
@@ -2671,13 +2937,13 @@ CA as the cert so do that check yourself</p>
     <li>
-        <span class='type'>(<tt>OpenSSL::PKey::RSA</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/KeyUsage.html" title="R509::Cert::Extensions::KeyUsage (class)">R509::Cert::Extensions::KeyUsage</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>public key object</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -2690,15 +2956,15 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-102
-103
-104</pre>
+305
+306
+307</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 102</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 305</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_public_key'>public_key</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_key_usage'>key_usage</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>KeyUsage</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2706,9 +2972,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="r509_extensions-instance_method">
+  <h3 class="signature " id="name_constraints-instance_method">
-    - (<tt>Hash</tt>) <strong>r509_extensions</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/NameConstraints.html" title="R509::Cert::Extensions::NameConstraints (class)">R509::Cert::Extensions::NameConstraints</a></span></tt>) <strong>name_constraints</strong>
@@ -2717,12 +2983,9 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the certificate extensions as a hash of R509::Cert::Extensions
-specific objects.</p>
+<p>Returns this object's NameConstraints extension as an R509 extension</p>
-<p>R509::Cert::Extensions module, each specific to the extension. The hash is
-keyed with the R509 extension class. Extensions without an R509
-implementation are ignored (see #get_unknown_extensions).</p>
+<p>if this cert does not have a NameConstraints extension.</p>
   </div>
@@ -2735,13 +2998,13 @@ implementation are ignored (see #get_unknown_extensions).</p>
     <li>
-        <span class='type'>(<tt>Hash</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/NameConstraints.html" title="R509::Cert::Extensions::NameConstraints (class)">R509::Cert::Extensions::NameConstraints</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>A hash, in which the values are classes from the</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -2754,23 +3017,15 @@ implementation are ignored (see #get_unknown_extensions).</p>
       <pre class="lines">
-313
-314
-315
-316
-317
-318
-319</pre>
+399
+400
+401</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 313</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span>
-    <span class='kw'>if</span> <span class='ivar'>@r509_extensions</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-        <span class='ivar'>@r509_extensions</span> <span class='op'>=</span> <span class='const'>Extensions</span><span class='period'>.</span><span class='id identifier rubyid_wrap_openssl_extensions'>wrap_openssl_extensions</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span> <span class='rparen'>)</span>
-    <span class='kw'>end</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 399</span>
-    <span class='kw'>return</span> <span class='ivar'>@r509_extensions</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_name_constraints'>name_constraints</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>NameConstraints</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2778,9 +3033,9 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="rsa?-instance_method">
+  <h3 class="signature " id="not_after-instance_method">
-    - (<tt>Boolean</tt>) <strong>rsa?</strong>
+    - (<tt>Time</tt>) <strong>not_after</strong>
@@ -2789,7 +3044,7 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns whether the public key is RSA</p>
+<p>Returns ending (notAfter) of certificate validity period</p>
   </div>
@@ -2802,13 +3057,13 @@ implementation are ignored (see #get_unknown_extensions).</p>
     <li>
-        <span class='type'>(<tt>Boolean</tt>)</span>
+        <span class='type'>(<tt>Time</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>true if the public key is RSA, false otherwise</p>
+<p>time object</p>
 </div>
     </li>
@@ -2821,15 +3076,15 @@ implementation are ignored (see #get_unknown_extensions).</p>
       <pre class="lines">
-216
-217
-218</pre>
+97
+98
+99</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 216</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 97</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_rsa?'>rsa?</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>RSA</span><span class='rparen'>)</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_not_after'>not_after</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_not_after'>not_after</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2837,9 +3092,9 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="san_names-instance_method">
+  <h3 class="signature " id="not_before-instance_method">
-    - (<tt>Array</tt>) <strong>san_names</strong>
+    - (<tt>Time</tt>) <strong>not_before</strong>
@@ -2848,7 +3103,7 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>List of SAN DNS names</p>
+<p>Returns beginning (notBefore) of certificate validity period</p>
   </div>
@@ -2861,13 +3116,13 @@ implementation are ignored (see #get_unknown_extensions).</p>
     <li>
-        <span class='type'>(<tt>Array</tt>)</span>
+        <span class='type'>(<tt>Time</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>list of SAN DNS names</p>
+<p>time object</p>
 </div>
     </li>
@@ -2880,23 +3135,15 @@ implementation are ignored (see #get_unknown_extensions).</p>
       <pre class="lines">
-177
-178
-179
-180
-181
-182
-183</pre>
+76
+77
+78</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 177</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 76</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_san_names'>san_names</span>
-    <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_subject_alternative_name'>subject_alternative_name</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-        <span class='kw'>return</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
-    <span class='kw'>else</span>
-        <span class='kw'>return</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_subject_alternative_name'>subject_alternative_name</span><span class='period'>.</span><span class='id identifier rubyid_dns_names'>dns_names</span>
-    <span class='kw'>end</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_not_before'>not_before</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_not_before'>not_before</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2904,9 +3151,9 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="serial-instance_method">
+  <h3 class="signature " id="ocsp_no_check?-instance_method">
-    - (<tt>Integer</tt>) <strong>serial</strong>
+    - (<tt>Boolean</tt>) <strong>ocsp_no_check?</strong>
@@ -2915,7 +3162,8 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the serial number of the certificate in decimal form</p>
+<p>Returns true if the OCSP No Check extension is present (value is irrelevant
+to this extension)</p>
   </div>
@@ -2928,10 +3176,15 @@ implementation are ignored (see #get_unknown_extensions).</p>
     <li>
-        <span class='type'>(<tt>Integer</tt>)</span>
+        <span class='type'>(<tt>Boolean</tt>)</span>
+        &mdash;
+        <div class='inline'>
+<p>presence/absence of the nocheck extension</p>
+</div>
     </li>
 </ul>
@@ -2942,15 +3195,15 @@ implementation are ignored (see #get_unknown_extensions).</p>
       <pre class="lines">
-88
-89
-90</pre>
+367
+368
+369</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 88</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 367</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_serial'>serial</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_serial'>serial</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_ocsp_no_check?'>ocsp_no_check?</span>
+  <span class='kw'>return</span> <span class='lparen'>(</span><span class='id identifier rubyid_extensions'>extensions</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>OCSPNoCheck</span><span class='rparen'>)</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2958,9 +3211,9 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="signature_algorithm-instance_method">
+  <h3 class="signature " id="policy_constraints-instance_method">
-    - (<tt>String</tt>) <strong>signature_algorithm</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/PolicyConstraints.html" title="R509::Cert::Extensions::PolicyConstraints (class)">R509::Cert::Extensions::PolicyConstraints</a></span></tt>) <strong>policy_constraints</strong>
@@ -2969,7 +3222,9 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns signature algorithm</p>
+<p>Returns this object's PolicyConstraints extension as an R509 extension</p>
+<p>if this cert does not have a PolicyConstraints extension.</p>
   </div>
@@ -2982,14 +3237,13 @@ implementation are ignored (see #get_unknown_extensions).</p>
     <li>
-        <span class='type'>(<tt>String</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/PolicyConstraints.html" title="R509::Cert::Extensions::PolicyConstraints (class)">R509::Cert::Extensions::PolicyConstraints</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>value of the signature algorithm. E.g. sha1WithRSAEncryption,
-sha256WithRSAEncryption, md5WithRSAEncryption</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -3002,15 +3256,15 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
       <pre class="lines">
-241
-242
-243</pre>
+391
+392
+393</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 241</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 391</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_signature_algorithm'>signature_algorithm</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_signature_algorithm'>signature_algorithm</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_policy_constraints'>policy_constraints</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>PolicyConstraints</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3018,9 +3272,9 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="subject-instance_method">
+  <h3 class="signature " id="public_key-instance_method">
-    - (<tt>OpenSSL::X509::Name</tt>) <strong>subject</strong>
+    - (<tt>OpenSSL::PKey::RSA</tt>) <strong>public_key</strong>
@@ -3029,7 +3283,7 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the subject</p>
+<p>Returns the certificate public key</p>
   </div>
@@ -3042,13 +3296,13 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
     <li>
-        <span class='type'>(<tt>OpenSSL::X509::Name</tt>)</span>
+        <span class='type'>(<tt>OpenSSL::PKey::RSA</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>subject object. Can be parsed as string easily</p>
+<p>public key object</p>
 </div>
     </li>
@@ -3061,15 +3315,15 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
       <pre class="lines">
-163
-164
-165</pre>
+104
+105
+106</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 163</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 104</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_subject'>subject</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_public_key'>public_key</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3077,9 +3331,9 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="subject_alternative_name-instance_method">
+  <h3 class="signature " id="rsa?-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/SubjectAlternativeName.html" title="R509::Cert::Extensions::SubjectAlternativeName (class)">R509::Cert::Extensions::SubjectAlternativeName</a></span></tt>) <strong>subject_alternative_name</strong>
+    - (<tt>Boolean</tt>) <strong>rsa?</strong>
@@ -3088,7 +3342,7 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's SubjectAlternativeName extension as an R509 extension</p>
+<p>Returns whether the public key is RSA</p>
   </div>
@@ -3101,14 +3355,13 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/SubjectAlternativeName.html" title="R509::Cert::Extensions::SubjectAlternativeName (class)">R509::Cert::Extensions::SubjectAlternativeName</a></span></tt>)</span>
+        <span class='type'>(<tt>Boolean</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a SubjectAlternativeName
-extension.</p>
+<p>true if the public key is RSA, false otherwise</p>
 </div>
     </li>
@@ -3121,15 +3374,15 @@ extension.</p>
       <pre class="lines">
-377
-378
-379</pre>
+167
+168
+169</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 377</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 167</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_subject_alternative_name'>subject_alternative_name</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>SubjectAlternativeName</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_rsa?'>rsa?</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>RSA</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3137,9 +3390,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="subject_cn-instance_method">
+  <h3 class="signature " id="serial-instance_method">
-    - (<tt>String</tt>) <strong>subject_cn</strong>
+    - (<tt>Integer</tt>) <strong>serial</strong>
@@ -3148,7 +3401,7 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the CN component, if any, of the subject</p>
+<p>Returns the serial number of the certificate in decimal form</p>
   </div>
@@ -3161,7 +3414,7 @@ extension.</p>
     <li>
-        <span class='type'>(<tt>String</tt>)</span>
+        <span class='type'>(<tt>Integer</tt>)</span>
@@ -3175,15 +3428,15 @@ extension.</p>
       <pre class="lines">
-188
-189
-190</pre>
+83
+84
+85</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 188</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 83</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_subject_cn'>subject_cn</span><span class='lparen'>(</span><span class='rparen'>)</span>
-    <span class='kw'>return</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_subject_component'>subject_component</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>CN</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_serial'>serial</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_serial'>serial</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3191,9 +3444,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="subject_component-instance_method">
+  <h3 class="signature " id="signature_algorithm-instance_method">
-    - (<tt>String</tt>) <strong>subject_component</strong>(short_name)
+    - (<tt>String</tt>) <strong>signature_algorithm</strong>
@@ -3202,7 +3455,7 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns subject component</p>
+<p>Returns signature algorithm</p>
   </div>
@@ -3221,7 +3474,8 @@ extension.</p>
         &mdash;
         <div class='inline'>
-<p>value of the subject component requested</p>
+<p>value of the signature algorithm. E.g. sha1WithRSAEncryption,
+sha256WithRSAEncryption, md5WithRSAEncryption, et cetera</p>
 </div>
     </li>
@@ -3234,19 +3488,15 @@ extension.</p>
       <pre class="lines">
-195
-196
-197
-198
-199</pre>
+213
+214
+215</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 195</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 213</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_subject_component'>subject_component</span> <span class='id identifier rubyid_short_name'>short_name</span>
-    <span class='id identifier rubyid_match'>match</span> <span class='op'>=</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_to_a'>to_a</span><span class='period'>.</span><span class='id identifier rubyid_find'>find</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_x'>x</span><span class='op'>|</span> <span class='id identifier rubyid_x'>x</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='id identifier rubyid_short_name'>short_name</span> <span class='rbrace'>}</span>
-    <span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_match'>match</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_match'>match</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_signature_algorithm'>signature_algorithm</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_signature_algorithm'>signature_algorithm</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3254,18 +3504,24 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="subject_key_identifier-instance_method">
+  <h3 class="signature " id="subject_alternative_name-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/SubjectKeyIdentifier.html" title="R509::Cert::Extensions::SubjectKeyIdentifier (class)">R509::Cert::Extensions::SubjectKeyIdentifier</a></span></tt>) <strong>subject_key_identifier</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/SubjectAlternativeName.html" title="R509::Cert::Extensions::SubjectAlternativeName (class)">R509::Cert::Extensions::SubjectAlternativeName</a></span></tt>) <strong>subject_alternative_name</strong>
+    <span class="aliases">Also known as:
+    <span class="names"><span id='san-instance_method'>san</span>, <span id='subject_alt_name-instance_method'>subject_alt_name</span></span>
+    </span>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's SubjectKeyIdentifier extension as an R509 extension</p>
+<p>Returns this object's SubjectAlternativeName extension as an R509 extension</p>
+<p>if this cert does not have a SubjectAlternativeName extension.</p>
   </div>
@@ -3278,14 +3534,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/SubjectKeyIdentifier.html" title="R509::Cert::Extensions::SubjectKeyIdentifier (class)">R509::Cert::Extensions::SubjectKeyIdentifier</a></span></tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/SubjectAlternativeName.html" title="R509::Cert::Extensions::SubjectAlternativeName (class)">R509::Cert::Extensions::SubjectAlternativeName</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a SubjectKeyIdentifier
-extension.</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -3298,15 +3553,15 @@ extension.</p>
       <pre class="lines">
-361
-362
-363</pre>
+339
+340
+341</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 361</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 339</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_subject_key_identifier'>subject_key_identifier</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>SubjectKeyIdentifier</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_subject_alternative_name'>subject_alternative_name</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>SubjectAlternativeName</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3314,9 +3569,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="subject_names-instance_method">
+  <h3 class="signature " id="subject_key_identifier-instance_method">
-    - (<tt>Array</tt>) <strong>subject_names</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/SubjectKeyIdentifier.html" title="R509::Cert::Extensions::SubjectKeyIdentifier (class)">R509::Cert::Extensions::SubjectKeyIdentifier</a></span></tt>) <strong>subject_key_identifier</strong>
@@ -3325,7 +3580,9 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Return the CN, as well as all the subject alternative names (SANs).</p>
+<p>Returns this object's SubjectKeyIdentifier extension as an R509 extension</p>
+<p>if this cert does not have a SubjectKeyIdentifier extension.</p>
   </div>
@@ -3338,13 +3595,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt>Array</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/SubjectKeyIdentifier.html" title="R509::Cert::Extensions::SubjectKeyIdentifier (class)">R509::Cert::Extensions::SubjectKeyIdentifier</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>the array of names. Returns an empty array if there are no names, at all.</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -3357,23 +3614,15 @@ extension.</p>
       <pre class="lines">
-205
-206
-207
-208
-209
-210
-211</pre>
+323
+324
+325</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 205</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_subject_names'>subject_names</span>
-    <span class='id identifier rubyid_ret'>ret</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
-    <span class='id identifier rubyid_ret'>ret</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_subject_cn'>subject_cn</span> <span class='kw'>unless</span> <span class='id identifier rubyid_subject_cn'>subject_cn</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-    <span class='id identifier rubyid_ret'>ret</span><span class='period'>.</span><span class='id identifier rubyid_concat'>concat</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_san_names'>san_names</span> <span class='rparen'>)</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 323</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_ret'>ret</span><span class='period'>.</span><span class='id identifier rubyid_sort'>sort</span><span class='period'>.</span><span class='id identifier rubyid_uniq'>uniq</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_subject_key_identifier'>subject_key_identifier</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>SubjectKeyIdentifier</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3424,19 +3673,19 @@ extension.</p>
       <pre class="lines">
-72
-73
-74
-75
-76</pre>
+67
+68
+69
+70
+71</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 72</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 67</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_to_der'>to_der</span>
-    <span class='kw'>if</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>X509</span><span class='op'>::</span><span class='const'>Certificate</span><span class='rparen'>)</span>
-        <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span>
-    <span class='kw'>end</span>
+  <span class='kw'>if</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>X509</span><span class='op'>::</span><span class='const'>Certificate</span><span class='rparen'>)</span>
+    <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3491,19 +3740,19 @@ extension.</p>
       <pre class="lines">
-61
-62
-63
-64
-65</pre>
+56
+57
+58
+59
+60</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 61</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 56</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_to_pem'>to_pem</span>
-    <span class='kw'>if</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>X509</span><span class='op'>::</span><span class='const'>Certificate</span><span class='rparen'>)</span>
-        <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_pem'>to_pem</span><span class='period'>.</span><span class='id identifier rubyid_chomp'>chomp</span>
-    <span class='kw'>end</span>
+  <span class='kw'>if</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>X509</span><span class='op'>::</span><span class='const'>Certificate</span><span class='rparen'>)</span>
+    <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_pem'>to_pem</span><span class='period'>.</span><span class='id identifier rubyid_chomp'>chomp</span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3555,15 +3804,15 @@ extensions that do not have R509 implementations.</p>
       <pre class="lines">
-325
-326
-327</pre>
+285
+286
+287</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 325</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 285</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_unknown_extensions'>unknown_extensions</span>
-    <span class='kw'>return</span> <span class='const'>Extensions</span><span class='period'>.</span><span class='id identifier rubyid_get_unknown_extensions'>get_unknown_extensions</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span> <span class='rparen'>)</span>
+  <span class='kw'>return</span> <span class='const'>Extensions</span><span class='period'>.</span><span class='id identifier rubyid_get_unknown_extensions'>get_unknown_extensions</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span> <span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3610,15 +3859,15 @@ times in the certificate.</p>
       <pre class="lines">
-140
-141
-142</pre>
+123
+124
+125</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 140</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 123</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_valid?'>valid?</span>
-    <span class='id identifier rubyid_valid_at?'>valid_at?</span><span class='lparen'>(</span><span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_now'>now</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_valid_at?'>valid_at?</span><span class='lparen'>(</span><span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_now'>now</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3685,31 +3934,31 @@ the time provided</p>
       <pre class="lines">
-148
-149
-150
-151
-152
-153
-154
-155
-156
-157
-158</pre>
+131
+132
+133
+134
+135
+136
+137
+138
+139
+140
+141</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 148</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 131</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_valid_at?'>valid_at?</span><span class='lparen'>(</span><span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span>
-    <span class='kw'>if</span> <span class='id identifier rubyid_time'>time</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>Integer</span><span class='rparen'>)</span>
-        <span class='id identifier rubyid_time'>time</span> <span class='op'>=</span> <span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_at'>at</span><span class='lparen'>(</span><span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span>
-    <span class='kw'>end</span>
-    <span class='kw'>if</span> <span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_not_after'>not_after</span> <span class='op'>&lt;</span> <span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span> <span class='kw'>or</span> <span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_not_before'>not_before</span> <span class='op'>&gt;</span> <span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span>
-        <span class='kw'>false</span>
-    <span class='kw'>else</span>
-        <span class='kw'>true</span>
-    <span class='kw'>end</span>
+  <span class='kw'>if</span> <span class='id identifier rubyid_time'>time</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>Integer</span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_time'>time</span> <span class='op'>=</span> <span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_at'>at</span><span class='lparen'>(</span><span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span>
+  <span class='kw'>end</span>
+  <span class='kw'>if</span> <span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_not_after'>not_after</span> <span class='op'>&lt;</span> <span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span> <span class='kw'>or</span> <span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_not_before'>not_before</span> <span class='op'>&gt;</span> <span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span>
+    <span class='kw'>false</span>
+  <span class='kw'>else</span>
+    <span class='kw'>true</span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3763,15 +4012,15 @@ IO-like object.</p>
       <pre class="lines">
-266
-267
-268</pre>
+240
+241
+242</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 266</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 240</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_write_der'>write_der</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='rparen'>)</span>
-    <span class='id identifier rubyid_write_data'>write_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_write_data'>write_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3825,15 +4074,15 @@ IO-like object.</p>
       <pre class="lines">
-259
-260
-261</pre>
+233
+234
+235</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 259</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 233</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_write_pem'>write_pem</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='rparen'>)</span>
-    <span class='id identifier rubyid_write_data'>write_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_pem'>to_pem</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_write_data'>write_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_pem'>to_pem</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3923,23 +4172,23 @@ IO-like object.</p>
       <pre class="lines">
-275
-276
-277
-278
-279
-280
-281</pre>
+249
+250
+251
+252
+253
+254
+255</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 275</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 249</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_write_pkcs12'>write_pkcs12</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span><span class='id identifier rubyid_password'>password</span><span class='comma'>,</span><span class='id identifier rubyid_friendly_name'>friendly_name</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>r509 pkcs12</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
-    <span class='kw'>if</span> <span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-        <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Writing a PKCS12 requires both key and cert</span><span class='tstring_end'>&quot;</span></span>
-    <span class='kw'>end</span>
-    <span class='id identifier rubyid_pkcs12'>pkcs12</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKCS12</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span><span class='id identifier rubyid_password'>password</span><span class='comma'>,</span><span class='id identifier rubyid_friendly_name'>friendly_name</span><span class='comma'>,</span><span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span><span class='ivar'>@cert</span><span class='rparen'>)</span>
-    <span class='id identifier rubyid_write_data'>write_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span> <span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span>
+  <span class='kw'>if</span> <span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
+    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Writing a PKCS12 requires both key and cert</span><span class='tstring_end'>&quot;</span></span>
+  <span class='kw'>end</span>
+  <span class='id identifier rubyid_pkcs12'>pkcs12</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKCS12</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span><span class='id identifier rubyid_password'>password</span><span class='comma'>,</span><span class='id identifier rubyid_friendly_name'>friendly_name</span><span class='comma'>,</span><span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span><span class='ivar'>@cert</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_write_data'>write_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span> <span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3951,9 +4200,9 @@ IO-like object.</p>
 </div>
     <div id="footer">
-  Generated on Thu Nov  8 14:19:26 2012 by
+  Generated on Tue Apr 16 10:49:56 2013 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.2.1 (ruby-1.9.3).
+  0.8.5 (ruby-1.9.3).
 </div>
   </body>