Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Dexus/pem

Create private keys and certificates with node.js
https://github.com/Dexus/pem

certificate certificate-signing-request csr javascript nodejs pem signing signing-certificates ssl ssl-certificate tls tls-certificate

Last synced: about 2 months ago
JSON representation

Create private keys and certificates with node.js

Host: GitHub
URL: https://github.com/Dexus/pem
Owner: Dexus
License: other
Created: 2012-06-23T06:33:57.000Z (about 12 years ago)
Default Branch: master
Last Pushed: 2024-04-30T08:46:17.000Z (5 months ago)
Last Synced: 2024-05-01T22:26:41.519Z (5 months ago)
Topics: certificate, certificate-signing-request, csr, javascript, nodejs, pem, signing, signing-certificates, ssl, ssl-certificate, tls, tls-certificate
Language: JavaScript
Size: 4.67 MB
Stars: 568
Watchers: 16
Forks: 133
Open Issues: 17
Metadata Files:
- Readme: README.md
- Changelog: HISTORY.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md

Awesome Lists containing this project

README

        pem

===

Create private keys and certificates with node.js

[![Build Status](https://secure.travis-ci.org/Dexus/pem.png)](http://travis-ci.org/Dexus/pem) [![npm version](https://badge.fury.io/js/pem.svg)](http://badge.fury.io/js/pem) [![npm downloads](https://img.shields.io/npm/dt/pem.svg)](https://www.npmjs.com/package/pem) [![pem documentation](https://img.shields.io/badge/pem-documentation-0099ff.svg?style=flat)](https://dexus.github.io/pem/jsdoc/)

[![JavaScript Style Guide](https://cdn.rawgit.com/standard/standard/master/badge.svg)](https://github.com/standard/standard)

## Installation

Install with npm

    npm install pem

or use yarn

    yarn add pem

:warning: Please make sure you have `openssl` or `libressl` already installed on your system/container, without

them `pem` will not work.

## Examples

Here are some examples for creating an SSL key/cert on the fly, and running an HTTPS server on port 443. 443 is the

standard HTTPS port, but requires root permissions on most systems. To get around this, you could use a higher port

number, like 4300, and use https://localhost:4300 to access your server.

### Basic https

```javascript

var https = require('https')

var pem = require('pem')

pem.createCertificate({ days: 1, selfSigned: true }, function (err, keys) {

  if (err) {

    throw err

  }

  https.createServer({ key: keys.clientKey, cert: keys.certificate }, function (req, res) {

    res.end('o hai!')

  }).listen(443)

})

```

###  Express

```javascript

var https = require('https')

var pem = require('pem')

var express = require('express')

pem.createCertificate({ days: 1, selfSigned: true }, function (err, keys) {

  if (err) {

    throw err

  }

  var app = express()

  app.get('/', function (req, res) {

    res.send('o hai!')

  })

  https.createServer({ key: keys.clientKey, cert: keys.certificate }, app).listen(443)

})

```

## API

Please have a look into the [API documentation](https://dexus.github.io/pem/jsdoc/).

_we had to clean up a bit_

### Custom extensions config file

You can specify custom OpenSSL extensions using the `config` or `extFile` options for `createCertificate` (or using `csrConfigFile` with `createCSR`).

`extFile` and `csrConfigFile` should be paths to the extension files. While `config` will generate a temporary file from the supplied file contents.

If you specify `config` then the `v3_req` section of your config file will be used.

The following would be an example of a Certificate Authority extensions file:

    [req]

    req_extensions = v3_req

    distinguished_name = req_distinguished_name

    [req_distinguished_name]

    commonName = Common Name

    commonName_max = 64

    [v3_req]

    basicConstraints = critical,CA:TRUE

While the following would specify subjectAltNames in the resulting certificate:

    [req]

    req_extensions = v3_req

    [ v3_req ]

    basicConstraints = CA:FALSE

    keyUsage = nonRepudiation, digitalSignature, keyEncipherment

    subjectAltName = @alt_names

    [alt_names]

    DNS.1 = host1.example.com

    DNS.2 = host2.example.com

    DNS.3 = host3.example.com

Note that `createCertificate` and `createCSR` supports the `altNames` option which would be easier to use in most cases.

:warning: **Warning: If you specify `altNames` the custom extensions file will not be passed to OpenSSL.**

### Setting openssl location

In some systems the `openssl` executable might not be available by the default name or it is not included in $PATH. In this case you can define the location of the executable yourself as a one time action after you have loaded the pem module:

```javascript

var pem = require('pem')

pem.config({

  pathOpenSSL: '/usr/local/bin/openssl'

})

// do something with the pem module

```

### :warning: CSR/Certificates with special chars

For more details, search in `test/pem.spec.js`: `Create CSR with specialchars config file`

If you use special chars like:

```

-!$%^&*()_+|~=`{}[]:/;<>?,.@#

```

You should know that the result mey have escaped characters when you read it in your application.

Will try to fix this in the future, but not sure.

### Special thanks to

- Andris Reinman (@andris9) - Initiator of pem

## License

**MIT**