tl-create
Advanced tools
Readme
A cross platform command line tool to create a X.509 trust list from various trust stores.
There are various organizations that produce lists of certificates that they believe should be trusted for one thing or another. These include:
Each of these lists have their own formats, this tool parses the lists provided by these other organizations and extracts the certificates that meet the specified criteria (for "email" as an example) and produces a PEM certificate bag these certificates.
For example to extract the roots that are trusted for email, code and web from both the EU Trust List and the Mozilla list the command would look like this:
node src/bin/tl-create.js --eutl --mozilla --for 'EMAIL_PROTECTION,CODE_SIGNING' --format pem roots.pem
This would produce a file that looked something like this:
Country: UK
Operator: European Commission
Source: EUTL
-----BEGIN CERTIFICATE-----
...
...
-----END CERTIFICATE-----
Operator: DigiCert, Inc
For: email, www, code
Source: Mozilla
-----BEGIN CERTIFICATE-----
...
...
-----END CERTIFICATE-----
node src/bin/tl-create.js --microsoft --format pem roots.pem
SERVER_AUTH
CLIENT_AUTH
CODE_SIGNING
EMAIL_PROTECTION
IPSEC_END_SYSTEM
IPSEC_TUNNEL
IPSEC_USER
TIME_STAMPING
OCSP_SIGNING
IPSEC_PROTECTION
DOCUMENT_SIGNING
EFS_CRYPTO
node src/bin/tl-create.js --mozilla --format pem roots.pem
DIGITAL_SIGNATURE
NON_REPUDIATION
KEY_ENCIPHERMENT
DATA_ENCIPHERMENT
KEY_AGREEMENT
KEY_CERT_SIGN
CRL_SIGN
SERVER_AUTH
CLIENT_AUTH
CODE_SIGNING
EMAIL_PROTECTION
IPSEC_END_SYSTEM
IPSEC_TUNNEL
IPSEC_USER
TIME_STAMPING
STEP_UP_APPROVED
node src/bin/tl-create.js --apple --format pem roots.pem
node src/bin/tl-create.js --aatl --format pem roots.pem
ROOT
CERTIFIED_DOCUMENTS
DYNAMIC_CONTENT
JAVASCRIPT
node src/bin/tl-create.js --eutl --format pem roots.pem
node src/bin/tl-create.js --mozilla --microsoft --for "SERVER_AUTH" --format pem roots.pem
NOTE: The default is ALL purposes
js
pkijs
pem
files
The "files" format is intended to store all certificates in separate files under specific directory. For example if a certificate exists in Mozilla Trust List and has "SubjectKeyIdentifier" equal to "ABABABABABABABBB" the certificate content would be stored under "mozilla/ABABABABABABABBB". So, for Mozilla Trust List root directory would be "mozilla", for Microsoft - "microsoft", for Apple - "apple", for Cisco - "cisco".
NOTE: Default output format is 'js'
git clone https://github.com/PeculiarVentures/tl-create.git
cd tl-create
npm install -g
Please report bugs either as pull requests or as issues in the issue tracker. tl-create has a full disclosure vulnerability policy. Please do NOT attempt to report any security vulnerability in this code privately to anybody.
FAQs
Node command line tool to create a X.509 trust list from various trust stores
The npm package tl-create receives a total of 18 weekly downloads. As such, tl-create popularity was classified as not popular.
We found that tl-create demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.