node-opcua-pki

node-opcua-pki

Create a Certificate Authority

    PKI\CA                   Certificate Authority

    PKI\rejected             Certificates that are rejected - regardless of validity
    PKI\trusted
    PKI\issuers
    PKI\issuers\crl
    PKI\issuers\certs

commands

command	Help
demo	create default certificate for node-opcua demos
createCA	create a Certificate Authority
createPKI	create a Public Key Infrastructure
certificate	create a new certificate
revoke	revoke an existing certificate
dump	display a certificate
toder	convert a certificate to a DER format
fingerprint	print the certificate fingerprint

Options: --help display help

Create a certificate authority

		default value
--subject	the CA certificate subject	"/C=FR/ST=IDF/L=Paris/O=Local NODE-OPCUA Certificate Authority/CN=NodeOPCUA-CA"
--root, -r	the location of the Certificate folder	"{CWD}/certificates"
--CAFolder, -c	the location of the Certificate Authority folder	"{root}/CA"]
--keySize, -k, --keyLength	the private key size in bits (1024	2048 ,3072, 4096 ,2048

demo command

this command create a bunch of certificates with various characteristics for demo and testing purposes.

crypto_create_CA  demo [--dev] [--silent] [--clean]

Options:

--help	display help
--dev	create all sort of fancy certificates for dev testing purposes
--clean	Purge existing directory [use with care!]
--silent, -s	minimize output
--root, -r	the location of the Certificate folder	{CWD}/certificates

Example:

$crypto_create_CA  demo --dev

certificate command

$crypto_create_CA certificate --help

Options:

--help	display help
--applicationUri, -a	the application URI	urn:{hostname}:Node-OPCUA-Server
--output, -o	the name of the generated certificate	my_certificate.pem
--selfSigned, -s	if true, the certificate will be self-signed	false
--validity, -v	the certificate validity in days
--silent, -s	minimize output
--root, -r	the location of the Certificate folder	{CWD}/certificates
--CAFolder, -c	the location of the Certificate Authority folder	{root}/CA
--PKIFolder, -p	the location of the Public Key Infrastructure	{root}/PKI
--privateKey, -p	optional:the private key to use to generate certificate
--subject	the certificate subject ( for instance /C=FR/ST=Centre/L=Orleans/O=SomeOrganization/CN=Hello )

References

• https://www.entrust.com/wp-content/uploads/2013/05/pathvalidation_wp.pdf
• https://en.wikipedia.org/wiki/Certification_path_validation_algorithm
• https://tools.ietf.org/html/rfc5280

prerequisite:

This modules requires OpenSSL or LibreSSL to be installed.

On Windows, a version of OpenSSL is automatically downloaded and installed at run time, if not present. You will need a internet connection open.

You need to install it on Linux, (or in your docker image), or on MacOS

• on ubuntu/debian:

apt install openssl

or alpine:

apk add openssl

note:

• do not upgrade update-notifier above 4.x.x until nodejs 8 is required

support:

Getting professional support

NodeOPCUA PKI is developed and maintained by sterfive.com.

To get professional support, consider subscribing to the node-opcua membership community:

or contact sterfive for dedicated consulting and more advanced support.

:heart: Supporting the development effort - Sponsors & Backers

If you like node-opcua-pki and if you are relying on it in one of your projects, please consider becoming a backer and sponsoring us, this will help us to maintain a high-quality stack and constant evolution of this module.

If your company would like to participate and influence the development of future versions of node-opcua please contact sterfive.

Changelog

2.14.1

4 March 2022

• fixed slashes in Subject CN #25
• Release 2.14.1 ef0fbee