selfsigned-ca
🔑 Generate self-signed certificates, keys and Root CA for use in HTTPS servers.
Installation
npm install selfsigned-ca
Usage
Following demo creates CA Root certificate and uses it to sign second certificate which is then used to start HTTPS server with. CA Root certificate is also installed to system's keychain so that all signed certs are automatically trusted. On a second run, the localhost certificate is loaded and used straight away or new one is generated and signed.
var https = var Cert = // Root CA certificate used to sign other certificates.// argument(s) point to .crt and .key file paths - ./selfsigned.root-ca.crt & ./selfsigned.root-ca.keyvar rootCaCert = 'selfsigned.root-ca'// The certificate generated for use in the HTTP server. It is signed by the CA certificate.// That way you can create any amount of certificates and they will be all trusted as long// as the Root CA certificate is trusted (installed to device's keychain).// argument(s) point to .crt and .key file paths - ./selfsigned.localhost.crt & ./selfsigned.localhost.keyvar serverCert = `selfsigned.localhost` serverCert { try // Try to load and use existing CA certificate for signing. console await catcherr console await console console console} { var server = https server} { await rootCaCert if !await rootCaCert // Make sure the CA is installed to device's keychain so that all server certificates // signed by the CA are automatically trusted and green. await rootCaCert } { // Couldn't load existing root CA certificate. Generate new one. rootCaCert await rootCaCert // Install the newly created CA to device's keychain so that all server certificates // signed by the CA are automatically trusted and green. await rootCaCert} { var serverCertOptions = subject: commonName: 'localhost' extensions: name: 'subjectAltName' altNames: type: 2 value: 'localhost' // DNS type: 7 ip: '127.0.0.1' // IP serverCert await serverCert}
License
MIT, Mike Kovařík, Mutiny.cz