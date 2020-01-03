A handful of wrappers around OpenSSL commands for Node.js
Install with npm:
npm install ssl-utils --save
var ssl = require('ssl-utils');
//// generate a new SSL certificate and key ////
var csr = {
subject: {
C: 'US',
ST: 'FL',
L: 'Hollywood',
O: 'es128',
OU: 'me',
CN: 'www.domain.name'
}
// subjectaltname could also be added
};
ssl.generateCertBuffer(
'myCert', /*temp filename prefix*/
false, /*whether to keep temp files*/
csr, /*cert info, see above*/
caKeyPath, /*path to CA signer's key*/
caCertPath, /*path to CA signer's cert*/
function (err, key, cert, fingerprint, hash) { /*callback*/}
);
//// check the validity of a cert/key pair ////
var cert = certContents; //String or Buffer
ssl.checkCertificateExpiration(cert, function (expiry) {
//expiry is a Date instance
var remainingTime = expiry.getTime() - Date.now();
});
Generates a new ssl certificate and private key, signed by the provided certificate authority.
String prefix to use when naming temp files
Boolean whether temp files should be automatically deleted
Object identity info to embed in the certificate
C (Country),
ST (State),
L (Locality),
O (Organization),
OU (Organizational Unit),
CN (Common Name)
DNS:foo.domain.name, DNS:bar.domain.name, DNS:localhost, IP:127.0.0.1
String path to the certificate authority's private key pem file
String path to the certificate authority's certificate pem file
Function in the form of
callback(err, keyBuffer, certBuffer)
Same as
generateCertBuffer except it returns file paths to the temp files for the key and cert
instead of buffers.
Sets how many days from now a generated certificate should expire. If not set, openssl's default or local settings will be used.
createKeypair,
createCertRequestConfig,
createExtensionsFile,
createCertRequest, and
createCert are used by the above methods in the generation process, but are also exported and
can be used directly. Check the
generate.js source code for
the method signatures.
Parses a provided certificate's expiration date.
String|Buffer contents of the certificate pem file
Function in the form of
callback(err, certExpiry) where certExpiry is a
Date
instance.
Checks the validity of a provided certificate and private key, as well as whether they match.
String|Buffer contents of the certificate
String|Buffer contents of the private key
Object
options.CAfile
options.pass
Function in the form of
callback(err, result) where
result is an object
containing
certStatus,
keyStatus, and
match
Object containing
Boolean properties
valid,
verifiedCA, and
selfSigned as well as
output containing the raw output from OpenSSL
Object containing
valid and
output
Boolean whether the cert's and key's modulus values match
verifyCertificate,
verifyKey,
compareModuli are used by
verifyCertificateKey, but are also
exported and can be used directly. Check the
verify.js source code for
the method signatures.
The certificate generation code was derived from certgen.