Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

node-opcua-pki

Package Overview
Dependencies
Maintainers
1
Versions
147
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

node-opcua-pki

PKI management for node-opcua

  • 4.0.2
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
27K
increased by16.58%
Maintainers
1
Weekly downloads
 
Created
Source

node-opcua-pki

NPM download NPM version Build Status Coverage Status install size FOSSA Status

Installation

install globally
$ npm install -g node-opcua-pki
$ crypto_create_CA --help
use with npx
npx node-opcua-pki --help
npx node-opcua-pki certificate --help

Note: see https://reference.opcfoundation.org/GDS/docs/F.1/

commands

commandHelp
democreate default certificate for node-opcua demos
createCAcreate a Certificate Authority
createPKIcreate a Public Key Infrastructure
certificatecreate a new certificate
csrcreate a new certificate signing request(CSR)
signsign a CSR and generate a certificate
revokerevoke an existing certificate
dumpdisplay a certificate
toderconvert a certificate to a DER format
fingerprintprint the certificate fingerprint

Options: --help display help

create a PKI

node-opcua-pki createPKI

Options:

optiondescriptiontypedefault
-r, --rootthe location of the Certificate folder[string][default: "{CWD}/certificates"]
--PKIFolderthe location of the Public Key Infrastructure[string][default: "{root}/PKI"]
-k, --keySize, --keyLengththe private key size in bits (1024,2048,3072,4096)[number][default: 2048]
-s, --silentminimize output[boolean][default: false]

The result

└─ 📂certificates
    └─📂PKI
       ├─📂issuers
       │ ├─📂certs                 contains known Certificate Authorities' certificates
       │ └─📂crl                   contains Certificate Revocation List associates with the CA Certificates
       ├─📂own
       │ ├─📂certs                 where to store generated public certificates generated for the private key.
       │ └─📂private
       │    └─🔐private_key.pem  the private key in PEM format
       ├─📂rejected                  contains certificates that have been rejected.
       └─📂trusted
         ├─📂certs                 contains the X.509 v3 Certificates that are trusted.
         └─📂crl                   contains the X.509 v3 CRLs for any Certificates in the ./certs directory.

create a Certificate Signing Request (CSR)

Options:

optiondescriptiontypedefault
-a, --applicationUrithe application URI[string][default: "urn:{hostname}:Node-OPCUA-Server"]
-o, --outputthe name of the generated signing_request[string][default: "my_certificate_signing_request.csr"]
--dnsthe list of valid domain name (comma separated)[string][default: "{hostname}"]
--ipthe list of valid IPs (comma separated)[string][default: ""]
--subjectthe certificate subject ( for instance /C=FR/ST=Centre/L=Orleans/O=SomeOrganization/CN=Hello )[string][default: "/CN=Certificate"]
-r, --rootthe location of the Certificate folder[string][default: "{CWD}/certificates"]
--PKIFolderthe location of the Public Key Infrastructure[string][default: "{root}/PKI"]

Create a certificate authority

default value
--subjectthe CA certificate subject"/C=FR/ST=IDF/L=Paris/O=Local NODE-OPCUA Certificate Authority/CN=NodeOPCUA-CA"
--root, -rthe location of the Certificate folder"{CWD}/certificates"
--CAFolder, -cthe location of the Certificate Authority folder"{root}/CA"]
--keySize, -k, --keyLengththe private key size in bits (1024, 2048 ,3072, 4096)

The result

└─ 📂certificates
    └─📂PKI
       ├─📂CA           Certificate Authority
       ├─📂rejected     The Certificate store contains certificates that have been rejected.
       │ ├─📂certs      Contains the X.509 v3 Certificates which have been rejected.
       ├─📂trusted      The Certificate store contains trusted Certificates.
       │ ├─📂certs      Contains the X.509 v3 Certificates that are trusted.
       │ └─📂crl        Contains the X.509 v3 CRLs for any Certificates in the ./certs directory.
       ├─📂issuers      The Certificate store contains the CA Certificates needed for validation.
       │ ├─📂certs      Contains the X.509 v3 Certificates that are needed for validation.
       │ ├─📂crl        Contains the X.509 v3 CRLs for any Certificates in the ./certs directory.

sign a signing request (requires a CA)

optiondescriptiontypedefault
-i, --csrthe csr[string] [required][default: "my_certificate_signing_request.csr"]
-o, --outputthe name of the generated certificate[string] [required][default: "my_certificate.pem"]
-v, --validitythe certificate validity in days[number][default: 365]
-r, --rootthe location of the Certificate folder[string][default: "{CWD}/certificates"]
-c, --CAFolderthe location of the Certificate Authority folder[string][default: "{root}/CA"]

demo command

this command creates a bunch of certificates with various characteristics for demo and testing purposes.

crypto_create_CA  demo [--dev] [--silent] [--clean]

Options:

--help      display help                                                
--dev      create all sort of fancy certificates for dev testing purposes
--clean    Purge existing directory [use with care!]                    
--silent, -sminimize output                                              
--root, -rthe location of the Certificate folder{CWD}/certificates

Example:

$crypto_create_CA  demo --dev
certificate command
$crypto_create_CA certificate --help

Options:

--helpdisplay help
--applicationUri, -athe application URIurn:{hostname}:Node-OPCUA-Server
--output, -othe name of the generated certificatemy_certificate.pem
--selfSigned, -sif true, the certificate will be self-signedfalse
--validity, -vthe certificate validity in days
--silent, -sminimize output
--root, -rthe location of the Certificate folder{CWD}/certificates
--CAFolder, -cthe location of the Certificate Authority folder{root}/CA
--PKIFolder, -pthe location of the Public Key Infrastructure{root}/PKI
--privateKey, -poptional:the private key to use to generate certificate
--subjectthe certificate subject ( for instance /C=FR/ST=Centre/L=Orleans/O=SomeOrganization/CN=Hello )
examples
  • create a self-signed certificate
npx node-opcua-pki certificate --dns=machine1.com,machine2.com --ip="192.1.2.3;192.3.4.5" -a 'urn:{hostname}:My-OPCUA-Server' --selfSigned -o  my_self_signed_certificate.pem
References
prerequisite:

This module requires OpenSSL or LibreSSL to be installed.

On Windows, a version of OpenSSL is automatically downloaded and installed at run time, if not present. You will need an internet connection open.

You need to install it on Linux, (or in your docker image), or on macOS

  • on ubuntu/Debian:
apt install openssl

or alpine:

apk add openssl
support:

Getting professional support

NodeOPCUA PKI is developed and maintained by sterfive.com.

To get professional support, consider subscribing to the node-opcua membership community:

Professional Support

or contact sterfive for dedicated consulting and more advanced support.

:heart: Supporting the development effort - Sponsors & Backers

If you like node-opcua-pki and if you are relying on it in one of your projects, please consider becoming a backer and sponsoring us, this will help us to maintain a high-quality stack and constant evolution of this module.

If your company would like to participate and influence the development of future versions of node-opcua please contact sterfive.

Keywords

FAQs

Package last updated on 31 May 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc