
add function to return a Certificate from DER format #293

Closed
wants to merge 18 commits into from

Conversation

jiangshaoqi
Copy link

Add a "from_der" function in the Certificate implementation. This function can create a Certificate struct from a DER-encoded certificate.

Make sure the certificate matches the format of x509-parser in rcgen, or the generated Certificate will be different.
A safe way to use this is to load a DER certificate generated by rcgen itself.

@cpu
Copy link
Member

cpu commented Oct 24, 2024

Hi @jiangshaoqi, thanks for the contribution.

Can you speak more to your motivation for wanting this?

You can already construct CertificateParams directly from DER with the x509-parser feature enabled. It's not clear to me why you would want a Certificate from the DER given this gives you few capabilities beyond accessing the DER/PEM encoding (which you basically already have in-hand), or the CertificateParams which you can construct from the DER already. Am I overlooking a use-case?

@jiangshaoqi
Copy link
Author

Hello @cpu, thank you for the reply.
I used this function in my project in the following scenario: I am making a ResolvesServerCert to generate fake end-entity certificates for my browser. I already have my own self-signed CA certificate, and have added it to the browser's CA list.

In ResolvesServerCert, it requires the Certificate of my CA certificate, which has already been self-signed, and I need to directly load it as a Certificate. If I read the certificate into CertificateParams, I will need to call self_signed to generate the certificate.

Also, in my case, if I sign it again to get the Certificate, there will be some difference from my original certificate because of the x509 parser. For example, in my certificate:
X509v3 Basic Constraints: critical
CA: TRUE
then the new certificate from CertificateParams will automatically set CA: FALSE (because of the x509-parser implementation).

I also see people asking for this: [https://github.com//issues/274]

What I did works for me, and I think it might be good for others. From your reply, I think I should also try using rcgen to generate a CA certificate DER, get its CertificateParams, call self_signed on it, and check whether the new self-signed certificate is the same as the original CA certificate.

If it is the same, please ignore my request.

@jiangshaoqi
Copy link
Author

I just checked: I used rcgen to generate a CA certificate DER, got its CertificateParams, called self_signed on it, and checked whether the new self-signed certificate is the same as the original CA certificate.

It also works in my scenario, so please ignore my request and have a good day!

@oscartbeaumont
Copy link

oscartbeaumont commented Nov 13, 2024

@jiangshaoqi I would be curious how you achieved the same certificate, because I can't seem to reproduce it myself.

When I run the following code, the assertion fails:

```rust
// Requires rcgen with the `x509-parser` feature (needed for `from_ca_cert_der`).
use rcgen::{generate_simple_self_signed, CertificateParams, CertifiedKey};

fn main() {
    let CertifiedKey { cert, key_pair } = generate_simple_self_signed(vec!["abc".into()]).unwrap();

    // Keep the original PEM so it can be compared after the round trip.
    let before = cert.pem();
    println!("{:?}", cert.pem());
    println!("{:?}\n\n\n", key_pair.serialize_pem());

    // Reload the same key pair, parse the DER back into CertificateParams and re-sign it.
    let key_pair = rcgen::KeyPair::from_pem(&key_pair.serialize_pem()).unwrap();
    let cert = CertificateParams::from_ca_cert_der(&cert.try_into().unwrap())
        .unwrap()
        .self_signed(&key_pair)
        .unwrap();

    println!("{:?}", cert.pem());
    println!("{:?}\n\n\n", key_pair.serialize_pem());

    // Fails: the re-signed certificate is not byte-identical to the original.
    assert_eq!(before, cert.pem());
}
```

I kinda feel like this PR should be reopened and merged as a stopgap solution.
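To make the round-trip concern in this thread checkable without eyeballing PEM output, here is an added stand-alone DER inspector (it is not rcgen code and not from any comment above): it pulls the serial number and the Basic Constraints cA flag out of a DER certificate, so a CA certificate and the one re-signed from its CertificateParams can be compared field by field. The sample certificates it builds are constructed placeholders (unsigned, empty names); only their serial and extensions are meaningful.

```python
"""Read serial and Basic Constraints cA flag from a DER certificate (std-lib only)."""

OID_BASIC_CONSTRAINTS = bytes.fromhex("551d13")  # id-ce-basicConstraints, 2.5.29.19

def tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER element; short-form length is enough for the samples here."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def read_tlv(buf: bytes, pos: int = 0):
    """Decode the element at pos -> (tag, value, next_pos); handles long-form lengths."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def children(value: bytes) -> list:
    """All elements directly inside a constructed value."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_cert(der: bytes) -> dict:
    """Return the serial number and cA flag of a DER Certificate (RFC 5280 layout)."""
    tbs = children(read_tlv(der)[1])[0][1]            # tbsCertificate
    fields = children(tbs)
    i = 1 if fields[0][0] == 0xA0 else 0             # optional [0] EXPLICIT version
    serial = int.from_bytes(fields[i][1], "big", signed=True)
    is_ca = False                                     # no extension => end-entity
    for tag, val in fields:
        if tag == 0xA3:                               # [3] EXPLICIT Extensions
            for _, ext in children(children(val)[0][1]):
                parts = children(ext)
                if parts[0][1] == OID_BASIC_CONSTRAINTS:
                    bc = children(read_tlv(parts[-1][1])[1])  # extnValue -> BasicConstraints
                    is_ca = any(t == 0x01 and v == b"\xff" for t, v in bc)
    return {"serial": serial, "is_ca": is_ca}

def sample_cert(serial: int, ca: bool) -> bytes:
    """Constructed placeholder certificate (unsigned, empty names) for exercising inspect_cert."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d0402")))  # ecdsa-with-SHA256 OID
    name, spki = tlv(0x30, b""), tlv(0x30, b"")
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") * 2)
    bc = tlv(0x30, tlv(0x01, b"\xff") if ca else b"")
    ext = tlv(0x30, tlv(0x06, OID_BASIC_CONSTRAINTS) + tlv(0x01, b"\xff") + tlv(0x04, bc))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial])) + alg
              + name + validity + name + spki + tlv(0xA3, tlv(0x30, ext)))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))
```

Run `inspect_cert` on the original CA DER and on the re-signed one; a differing serial or a cA flag that flipped to False is the kind of change the thread describes.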

3 participants