npm
Sign UpSign In

self-signed-tls-cert-generator

0.1.1 • Public • Published

self-signed-tls-cert-generator

A simple CLI NodeJS script to generate self-signed TLS certs (single common name or, experimentally, SAN certificates) really quickly and easily (by using configured defaults). Note that this is a script, not a consumable module.

Requirements

  • NodeJS or IOJS
  • npm or git (see below)
  • *nix (Mac OSX, Linux etc.) operating system - Windows will not work unless you have cygwin etc. installed

Installation

The simplest way is via npm (-g for global install which make it globally availanle in your *nix CLI):

npm install self-signed-tls-cert-generator -g

Or via git clone:

git clone https://github.com/neilstuartcraig/self-signed-tls-cert-generator
npm install -g

Usage

In your shell/terminal/console (assuming you've done a global install), simply type (tab auto-complete will be your friend as the filename is long:

Simple (single common name, accepting all defaults)

self-signed-tls-cert-generator <common name>

Where <common name> is the host name (e.g. www.example.org) for which you want to generate a self-signed TLS certificate. For example:

self-signed-tls-cert-generator www.example.org

More complex (single common name, overriding defaults):

self-signed-tls-cert-generator <options> <common name>

Where <options> are specified as -<option name> <optionvalue> or -<option name>=<optionvalue> e.g. -keyLength 4096 and/or -certNumDaysValid 90. For example:

self-signed-tls-cert-generator -keyLength 4096 -certNumDaysValid 90 www.example.org

Simple (SAN, accepting all defaults)

self-signed-tls-cert-generator <common name1> <common name2> <common name3>

Where <common name(1,2,3)> are the host names to be included in the SAN certificate (e.g. www.example.org) for which you want to generate a self-signed TLS certificate. For example:

self-signed-tls-cert-generator www.example.org www.example.com www.example.net

Options

You can specify zero or more options (as per the example above). The available options and their defaults are listed in the config file, in the opts object. Currently (I'll try to keep this up to date but the canonical source of truth is the config file):

// Key
keyLength:2048, // Number of bits
keyType:"des3", 

// CSR
certCountry:"GB",
certState:"Oxfordshire",
certLocality:"Oxford",
certOrgName:"Example org",
certOrgUnit:"Example org unit",
certEmailAddress:"some.person@example.org",
certChallengePassword:null,
certCompanyName:null,
certDigest:"sha256",
certNumDaysValid:3650 // ~10 years

Output

If it succeeds, the script will output 2 files in the current working directory, a private key and the TLS certificate, which will be named for the specified common name, e.g.:

<common name>.key
<common name>.pem

Keys

Note that the private key generated has no passphrase.

Roadmap

I'll be honnest, this project might not end up receiving a lot of my time but...I do have a few things I want to do:

  • Add some automated testing and test all options combinations
  • Verify SAN cert generation works!
  • Add the option to specify an output directory

Readme

Keywords

Package Sidebar

Install

npm i self-signed-tls-cert-generator

Repository

github.com/bbc/self-signed-tls-cert-generator

Homepage

github.com/bbc/self-signed-tls-cert-generator#readme

Weekly Downloads

3

Version

0.1.1

License

MIT

Last publish

Collaborators

  • tdp_org
Try on RunKit
Report malware