self-signed

Generate self-signed certificates, private, and public keys

npm install self-signed
1 downloads in the last day
18 downloads in the last week
30 downloads in the last month

Generate a self signed x509 certificate from node.js.

Build Status

Install

$ npm install self-signed

Test

Run any of the following:

$ npm test
$ make test
$ mocha

Note: Don't forget to npm install!

Usage

var generate = require('self-signed');

var pems = generate({
  name: 'example.com',
  city: 'Blacksburg',
  state: 'Virginia',
  organization: 'Test',
  unit: 'Test'
}, {
  keySize: 1024, // default
  expire: 2 * 365 * 24 * 60 * 60 * 1000 // defaults to exactly 1 year
});

console.log(pems);

Will log an object with private, public and cert properties.

{
  private: '-----BEGIN RSA PRIVATE KEY-----\r\nMIICXAIBAAKBgQCBFMXMYS/+RZz6+qzv+xeqXPdjw4YKZC4y3dPhSwgEwkecrCTX\r\nsR6boue+1MjIqPqWggXZnotIGldfEN0kn0Jbh2vMTrTx6YwqQ8tceBPoyuuqcYBO\r\nOONAcKOB3MLnZbyOgVtbyT3j68JE5V/lx6LhpIKAgY0m5WIuaKrW6mvLXQIDAQAB\r\nAoGAU6ODGxAqSecPdayyG/ml9vSwNAuAMgGB0eHcpZG5i2PbhRAh+0TAIXaoFQXJ\r\naAPeA2ISqlTJyRmQXYAO2uj61FzeyDzYCf0z3+yZEVz3cO7jB5Pl6iBvzbxWuuuA\r\ncbJtWLhWtW5/jioc8F0EAzZ+lkC/XuVJdwKHDmwt2qvJO+ECQQD+dvo1g3Sz9xGw\r\n21n+fDG5i4128+Qh+JPgh5AeLuXSofc1HMHaOXcC6Wu/Cloh7QAD934b7W0A7VoD\r\ndLd/JLyFAkEAgdwjryyvdhy69e516IrPB3b+m4rggtntBlZREMrk9tOzeIucVO3W\r\ntKI3FHm6JebN2gVcG+rZ+FaDPo+ifJkW+QJBAPojrMwEACmUevB2f9246gxx0UsY\r\nbq6yM3No71OsWEEY8/Bi53CEQqg7Gq5+F6H33qcHmBEN8LQTngN9rY+vZh0CQBg0\r\nqJImii5B/LeK03+dICoMDDmCEYdSh9P+ku3GZBd+Lp3xqBpMmxDgi9PNPN2DwCs7\r\nhIfPpwGbXqtyqp7/CkECQB4OdY+2FbCciI473eQkTu310RMf8jElU63iwnx4R/XN\r\n/mgqN589OfF4SS0U/MoRzYk9jF9IAJN1Mi/571T+nw4=\r\n-----END RSA PRIVATE KEY-----\r\n',

  public: '-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBFMXMYS/+RZz6+qzv+xeqXPdj\r\nw4YKZC4y3dPhSwgEwkecrCTXsR6boue+1MjIqPqWggXZnotIGldfEN0kn0Jbh2vM\r\nTrTx6YwqQ8tceBPoyuuqcYBOOONAcKOB3MLnZbyOgVtbyT3j68JE5V/lx6LhpIKA\r\ngY0m5WIuaKrW6mvLXQIDAQAB\r\n-----END PUBLIC KEY-----\r\n',

  cert: '-----BEGIN CERTIFICATE-----\r\nMIICjTCCAfagAwIBAgIBATANBgkqhkiG9w0BAQUFADBpMRQwEgYDVQQDEwtleGFt\r\ncGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQH\r\nEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MB4XDTEz\r\nMDgxMzA1NDAyN1oXDTE0MDgxMzA1NDAyN1owaTEUMBIGA1UEAxMLZXhhbXBsZS5v\r\ncmcxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTETMBEGA1UEBxMKQmxh\r\nY2tzYnVyZzENMAsGA1UEChMEVGVzdDENMAsGA1UECxMEVGVzdDCBnzANBgkqhkiG\r\n9w0BAQEFAAOBjQAwgYkCgYEAgRTFzGEv/kWc+vqs7/sXqlz3Y8OGCmQuMt3T4UsI\r\nBMJHnKwk17Eem6LnvtTIyKj6loIF2Z6LSBpXXxDdJJ9CW4drzE608emMKkPLXHgT\r\n6MrrqnGATjjjQHCjgdzC52W8joFbW8k94+vCROVf5cei4aSCgIGNJuViLmiq1upr\r\ny10CAwEAAaNFMEMwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAvQwJgYDVR0RBB8w\r\nHYYbaHR0cDovL2V4YW1wbGUub3JnL3dlYmlkI21lMA0GCSqGSIb3DQEBBQUAA4GB\r\nAC9hGQlDh8anNo1YDJdG2mYqOQ5uybJV++kixblGaOkoDROPsWepUpL6kMDUtbAM\r\n4uXTyFkvlUQSaQkhNgOY5w/BRIAkCIu6u4D4XcjlCdwFq6vcKMEuWTHMAlBWFla3\r\nXJZAPO10PHuDen7JeMOUf1Re7lRFtwfRGAvVYmrvYFKv\r\n-----END CERTIFICATE-----\r\n'
}

Attributes

Supports attributes using a simplified syntax.

var generate = require('self-signed');

var pems = generate({
  name: 'example.com', // the common name
  country: 'US', // default
  city: 'Blacksburg',
  state: 'Virginia',
  organization: 'Test',
  unit: 'Test' // the organizational unit (e.g. department)
});
console.log(pems);

Full Options

Supports keySize, serial, expire, alt, pkcs7

var pems = generate(null, {
  keySize: 2048, // defaults to 1024
  serial: '329485', // defaults to '01'
  expire: new Date('10 December 2100'), // defaults to one year from today
  pkcs7: true, // defaults to false, indicates whether to protect with PKCS#7
  alt: [] // default undefined, alternate names if array of objects/strings
});

Expire

Expire can be specified as:

  • a Date object
  • a string timestamp to be passed to the Date constructor
  • a number representing milliseconds from now

If the expire option matches none of these, it defaults to new Date plus one year.

Alternate names

The alt specifies alternate names that apply to the certificate. Currently autodetects IP addresses,

Allowed formats include:

  • ['127.0.0.1', 'http://www.example.org']
  • [{type: Number, value: *}, {type: 7, ip: '127.0.0.1'}, {type: 6, value: 'http://example.org'}]

Example

Creating an HTTPS Server and Making Verified Requests

var keypair = require('..');

var https = require('https');
var portfinder = require('portfinder'); // you'll need to install this to test

createServer(function(err, server) {
  if (err) {
    throw err;
  }
  var raw = 'hello, world!', body = new Buffer(raw);
  server.on('request', function(req, res) {
    res.writeHead(200, {
      'content-length': body.length,
      'content-type': 'text/plain'
    });
    res.end(body);
  });
  request({
    port: server.port,
    ca: [server.cert]
  }, function(err, data) {
    server.close();
    if (err) {
      throw err;
    }
    console.log('success:', data.toString() === raw);
  });
});

// easy-to-use wrapper
function createServer(callback) {
  var options = keypair({
    name: 'localhost',
    city: 'Blacksburg',
    state: 'Virginia',
    organization: 'Test',
    unit: 'Test'
  }, {
    alt: ['127.0.0.1']
  });

  // server automatically sets up a .cert property
  var server = https.createServer({
    key: options.private,
    cert: options.cert
  });

  portfinder.getPort(function(err, port) {
    if (err) {
      return callback(err);
    }
    server.port = port;
    server.listen(port, 'localhost', function() {
      callback(null, server);
    });
  });

  return server;
}

function request(options, callback) {
  options.hostname = 'localhost';
  options.path = '/';
  var req = https.get(options, function(res) {
    res.on('error', callback);

    var data = [], length = 0;
    res.on('data', function(chunk) {
      data.push(chunk);
      length += chunk.length;
    });
    res.on('end', function() {
      callback(null, Buffer.concat(data, length));
    });
  });
  req.on('error', callback);
}

License

MIT

npm loves you