@peculiar/acme-client
Advanced tools
Readme
@peculiar/acme-client
@peculiar/acme-client is anAutomatic Certificate Management Environment (ACME) implementing RFC 8555 client.
npm install @peculiar/acme-client
Every release of @peculiar/acme-client will have new build of ./build/acme.js for use in the browser. To get access to module classes use acme global variable.
WARN: We recommend hosting and controlling your own copy for security reasons
<script src="https://unpkg.com/@peculiar/acme-client"></script>
import * as acme from "@peculiar/acme-client";
WARN: Client requires WebCrypto API and Fetch API modules. Use third-party modules to set crypto provider and fetch client in NodeJS (eg
@peculiar/webcrypto,node-fetch).
import { Crypto } from "@peculiar/webcrypto";
import fetch from "node-fetch";
const client = new acme.ApiClient(keys, "https://path/to/acme/directory", {
crypto,
fetch,
});
const client = await ApiClient.create(keys, "http://localhost:4000/acme/directory", {
// fetch, // required for NodeJS
// crypto, // required for NodeJS
});
const directory = await client.getDirectory();
// Generate account keys
const alg = { name: "ECDSA", namedCurve: "P-256" };
const keys = await crypto.subtle.generateKey(alg, false, ["sign", "verify"]);
const account = await client.newAccount({
contact: ["mailto:some@email.net"],
termsOfServiceAgreed: true,
});
WARN: That example uses
@peculiar/x509package for CSR generation
// Create a new order
let order = await client.newOrder({
identifiers: [
{ type: "dns", value: "some.domain.com" },
],
});
for (const link of order.content.authorizations) {
let authz = await client.getAuthorization(link);
if (authz.content.status === "pending") {
const httpChallenge = authz.content.challenges.find(o => o.type === "http-01");
assert(httpChallenge, `Cannot find http-01 challenge for '${authz.content.identifier.type}:${authz.content.identifier.value}' authorization`);
console.log(httpChallenge);
// Get Token and put it to wellknown link of the Server
// Validate challenge
const resp = await client.getChallenge(httpChallenge.url, "POST");
const up = /<([^<>]+)>/.exec(resp.headers.link.find(o => o.includes(`up"`)))[1];
assert(up, "Cannot get up link from header");
authz = await client.retryAuthorization(up);
assert.strictEqual(authz.content.status, "valid");
}
}
// Generate CSR
const reqKeys = await crypto.subtle.generateKey(alg, false, ["sign", "verify"]) as CryptoKeyPair;
const req = await x509.Pkcs10CertificateRequestGenerator.create({
keys: reqKeys,
name: "DC=some.domain.com",
signingAlgorithm: alg,
}, crypto);
// Request certificate
await client.finalize(order.content.finalize, {
csr: req.toString("base64url"),
});
// Waiting for enrollment
order = await client.retryOrder(order);
assert.strictEqual(order.content.status, "valid");
// Get issued certificate
const certs = await client.getCertificate(order.content.certificate);
console.log(certs.content);
FAQs
Automatic Certificate Management Environment (ACME) client
We found that @peculiar/acme-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The June TC39 meeting wrapped up this week with eight proposals moving on to the next stage. Here's a quick roundup of the features that the committee approved to advance.
Security News
Cyber extortion in the US and Canada hit record levels in 2023, with ransomware attacks surging and median ransom demands skyrocketing, though fewer companies are choosing to pay ransoms.
Security News
Ecma TC39 is meeting this week and has moved key ECMAScript proposals forward, advancing Deferred Import Evaluation, Error.isError(), RegExp Escaping, and Promise.try to the next stages.