Node.js utility for SSL certificates using OpenSSL (generating, verifying, etc.)
MIT License
A handful of wrappers around OpenSSL commands for Node.js
Install with npm: npm install ssl-utils --save
var ssl = require('ssl-utils');
//// generate a new SSL certificate and key ////
var csr = {
subject: {
C: 'US',
ST: 'FL',
L: 'Hollywood',
O: 'es128',
OU: 'me',
CN: 'www.domain.name'
}
// subjectaltname could also be added
};
ssl.generateCertBuffer(
'myCert', /*temp filename prefix*/
false, /*whether to keep temp files*/
csr, /*cert info, see above*/
caKeyPath, /*path to CA signer's key*/
caCertPath, /*path to CA signer's cert*/
function (err, key, cert, fingerprint, hash) { /*callback*/}
);
//// check the validity of a cert/key pair ////
var cert = certContents; //String or Buffer
ssl.checkCertificateExpiration(cert, function (expiry) {
//expiry is a Date instance
var remainingTime = expiry.getTime() - Date.now();
});
Generates a new ssl certificate and private key, signed by the provided certificate authority.
String
prefix to use when naming temp filesBoolean
whether temp files should be automatically deletedObject
identity info to embed in the certificate
C
(Country), ST
(State), L
(Locality),O
(Organization), OU
(Organizational Unit), CN
(Common Name)DNS:foo.domain.name, DNS:bar.domain.name, DNS:localhost, IP:127.0.0.1
String
path to the certificate authority's private key pem fileString
path to the certificate authority's certificate pem fileFunction
in the form of callback(err, keyBuffer, certBuffer)
Same as generateCertBuffer
except it returns file paths to the temp files for the key and cert
instead of buffers.
Sets how many days from now a generated certificate should expire. If not set, openssl's default or local settings will be used.
createKeypair
, createCertRequestConfig
, createExtensionsFile
, createCertRequest
, and
createCert
are used by the above methods in the generation process, but are also exported and
can be used directly. Check the
generate.js
source code for
the method signatures.
Parses a provided certificate's expiration date.
String|Buffer
contents of the certificate pem fileFunction
in the form of callback(err, certExpiry)
where certExpiry is a Date
Checks the validity of a provided certificate and private key, as well as whether they match.
String|Buffer
contents of the certificateString|Buffer
contents of the private keyObject
options.CAfile
options.pass
Function
in the form of callback(err, result)
where result
is an objectcertStatus
, keyStatus
, and match
Object
containing Boolean
properties valid
, verifiedCA
, andselfSigned
as well as output
containing the raw output from OpenSSLObject
containing valid
and output
Boolean
whether the cert's and key's modulus values matchverifyCertificate
, verifyKey
, compareModuli
are used by verifyCertificateKey
, but are also
exported and can be used directly. Check the
verify.js
source code for
the method signatures.
The certificate generation code was derived from certgen.