node-x509
Simple X509 certificate parser.
This is a fork of the original node-x509 parser - with the same level of function but confirmed working across LTS node versions (v8, v10, v12).
Installation
From NPM (recommended): npm install x509
Building and testing from source:
sudo npm install -g node-gyp
npm install
npm test
Usage
Reading from a file:
const x509 = require('x509');
var issuer = x509.getIssuer(__dirname + '/certs/your.crt');
Reading from a string:
const fs = require('fs'),
x509 = require('x509');
var issuer = x509.getIssuer(fs.readFileSync('./certs/your.crt').toString());
Methods
Notes:
cert
may be a filename or a raw base64 encoded PEM string in any of these methods.
x509.getAltNames(cert
)
Parse certificate with x509.parseCert
and return the alternate names.
const x509 = require('x509');
var altNames = x509.getAltNames(__dirname + '/certs/nodejitsu.com.crt');
x509.getIssuer(cert
)
Parse certificate with x509.parseCert
and return the issuer.
const x509 = require('x509');
var issuer = x509.getIssuer(__dirname + '/certs/nodejitsu.com.crt');
x509.getSubject(cert
)
Parse certificate with x509.parseCert
and return the subject.
const x509 = require('x509');
var subject = x509.getSubject(__dirname + '/certs/nodejitsu.com.crt');
x509.parseCert(cert
)
Parse subject, issuer, valid before and after date, and alternate names from certificate.
const x509 = require('x509');
var cert = x509.parseCert(__dirname + '/certs/nodejitsu.com.crt');
x509.verify(cert
, CABundlePath
, function(err, result){ /.../})
Performs basic certificate validation against a bundle of ca certificates.
It accepts an error-first callback as first argument. If the error is null, then
the certificate is valid.
The error messages are the same returned by openssl: x509_verify_cert_error_string
Note:
As now, this function only accepts absolute paths to existing files as arguments
const x509 = require('x509');
x509.verify(
__dirname + '/certs/user.com.crt',
__dirname + 'enduser-example.com.chain',
function(err, result){ }
);
Examples
Checking the date to make sure the certificate is active:
const x509 = require('x509');
var cert = x509.parseCert('yourcert.crt'),
date = new Date();
if (cert.notBefore > date) {
}
if (cert.notAfter < date) {
}
License
MIT
Alternative implementation / build issues
If you are suffering from hard to fix build issues, there is an alternative (pure javascript) implementation using emscripten: https://github.com/encharm/x509.js (based on node-x509, slightly different API)