ssl-utils
A handful of wrappers around OpenSSL commands for Node.js
Usage
Install with npm: npm install ssl-utils --save
var ssl = require('ssl-utils');
var csr = {
subject: {
C: 'US',
ST: 'FL',
L: 'Hollywood',
O: 'es128',
OU: 'me',
CN: 'www.domain.name'
}
};
ssl.generateCertBuffer(
'myCert',
false,
csr,
caKeyPath,
caCertPath,
function (err, key, cert, fingerprint, hash) { }
);
var cert = certContents;
ssl.checkCertificateExpiration(cert, function (expiry) {
var remainingTime = expiry.getTime() - Date.now();
});
API
generateCertBuffer(prefix, keepTmp, certInfo, caKeyPath, caCertPath, callback)
Generates a new ssl certificate and private key, signed by the provided certificate authority.
- prefix:
String
prefix to use when naming temp files - keepTmp:
Boolean
whether temp files should be automatically deleted - certInfo:
Object
identity info to embed in the certificate
- subject: required child object with
C
(Country), ST
(State), L
(Locality),
O
(Organization), OU
(Organizational Unit), CN
(Common Name) - subjectaltname: optional string, comma-separated list of alt names for the certificate such
as
DNS:foo.domain.name, DNS:bar.domain.name, DNS:localhost, IP:127.0.0.1
- caKeyPath:
String
path to the certificate authority's private key pem file - caCertPath:
String
path to the certificate authority's certificate pem file - callback:
Function
in the form of callback(err, keyBuffer, certBuffer)
generateCert
Same as generateCertBuffer
except it returns file paths to the temp files for the key and cert
instead of buffers.
setExpiryDays(days)
Sets how many days from now a generated certificate should expire. If not set, openssl's default
or local settings will be used.
Additional certificate generation methods
createKeypair
, createCertRequestConfig
, createExtensionsFile
, createCertRequest
, and
createCert
are used by the above methods in the generation process, but are also exported and
can be used directly. Check the
generate.js
source code for
the method signatures.
checkCertificateExpiration(cert, callback)
Parses a provided certificate's expiration date.
- cert:
String|Buffer
contents of the certificate pem file - callback:
Function
in the form of callback(err, certExpiry)
where certExpiry is a Date
instance.
verifyCertificateKey(cert, key, [options], callback)
Checks the validity of a provided certificate and private key, as well as whether they match.
- cert:
String|Buffer
contents of the certificate - key:
String|Buffer
contents of the private key - options:
Object
- to verify the certificate against a specific certificate authority, pass the path the CA file in
options.CAfile
- to use Key password, pass the password in
options.pass
- callback:
Function
in the form of callback(err, result)
where result
is an object
containing certStatus
, keyStatus
, and match
- result.certStatus:
Object
containing Boolean
properties valid
, verifiedCA
, and
selfSigned
as well as output
containing the raw output from OpenSSL - result.keyStatus:
Object
containing valid
and output
- result.match:
Boolean
whether the cert's and key's modulus values match
Additional certificate verification methods
verifyCertificate
, verifyKey
, compareModuli
are used by verifyCertificateKey
, but are also
exported and can be used directly. Check the
verify.js
source code for
the method signatures.
Acknowledgements
The certificate generation code was derived from certgen.
License
MIT