Helps you create self-signed SSL certificates
A simple tool, based on openssl, that helps you create self-signed SSL certificates for development environments.
Do not use it in production environments.
npm i -D async-self-cert
Description
Root SSL certificate
Generate an RSA-2048 key for the Root SSL certificate using genRootCAKey():

    // Normal
    var [error, stdout, stderr] = await genRootCAKey(fileName)
    // You can read your password from a file as below
    var [error, stdout, stderr] = await genRootCAKey(fileName, passout, passoutArg)

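Create a new Root SSL certificate rootCA.pem from rootCA.key with a config file (required) using reqRootCA():

    // Normal
    var [error, stdout, stderr] = await reqRootCA(keyFile, fileName, config)
    // You can read your password from a file as below
    var [error, stdout, stderr] = await reqRootCA(keyFile, fileName, config, passin, passoutArg)
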
The content of the config file rootCA.cnf looks like this:

    [req]
    default_bits = 2048
    prompt = no
    default_md = sha256
    distinguished_name = dn

    [dn]
    C=TW
    ST=Taiwan R.O.C
    L=Kaohsiung
    O=Dev Test Organization
    OU=Dev Test Organization Uint
    emailAddress=YOUR Email Address
    CN = Test Common Name

Trust the root SSL certificate
You need to tell your OS to trust your root certificate so that all individual certificates issued by it are also trusted.
MAC
- Open Keychain Access, then go to the Certificates category in your System keychain.
- Import the rootCA.pem using File > Import Items.
- Double click the imported certificate and change the “When using this certificate:” dropdown to Always Trust in the Trust section.
Windows
See Deploying the CA certificate manually
Domain SSL certificate
Generate a CSR and key using genDomainCSR(). You have to create domainName.csr.cnf in the same folder before executing it:

    var [error, stdout, stderr] = await genDomainCSR(domainName)
    if (error) throw error
    console.log(stdout)

For example, it will read the config test.domain.dev.csr.cnf to generate test.domain.dev.csr and test.domain.dev.key for the domain test.domain.dev.
The content of the config file test.domain.dev.csr.cnf looks like this:

    [req]
    default_bits = 2048
    prompt = no
    default_md = sha256
    distinguished_name = dn

    [dn]
    C=TW
    ST=Taiwan R.O.C
    L=Kaohsiung
    O=Dev Test Organization
    OU=Dev Test Organization Uint
    emailAddress=YOUR Email Address
    CN = test.domain.dev

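Create a domain certificate from the CSR and key using reqX509V3Cert(). You have to create domainName.v3.ext in the same folder before executing it:

    // Normal for first sign
    var [error, stdout, stderr] = await reqX509V3Cert(domainName, rootCAKey, rootCACert)
    // You can read your password from a file as below
    var [error, stdout, stderr] = await reqX509V3Cert(domainName, rootCAKey, rootCACert, undefined, passin, passoutArg)
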
It will create domainName.crt after executing. The content of the config file domainName.v3.ext looks like this:

    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    subjectAltName = @alt_names

    [alt_names]
    DNS.1 = domainName

The first time you use your Root CA to sign a domain certificate, it will create a file (like rootCA.srl) containing a serial number.
You will probably create more certificates, and from the next time on you have to use reqX509V3Cert() as below:

    // Normal after first sign
    var [error, stdout, stderr] = await reqX509V3Cert(domainName, rootCAKey, rootCACert, rootCAserial)
    // You can read your password from a file as below
    var [error, stdout, stderr] = await reqX509V3Cert(domainName, rootCAKey, rootCACert, rootCAserial, passin, passoutArg)

You can see an example in test.js.
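A check you can run on a domainName.v3.ext file before signing, as an added example that is not part of async-self-cert: it parses the file and reports settings that would let the domain certificate act as a CA under your trusted root, or that leave the domain out of subjectAltName. The function names parseExt and lintV3Ext, the finding texts and the two sample files are this example's own.

```javascript
// Added example, not async-self-cert code; names and finding texts are its own.

// Parse an openssl extension file into { section: { key: value } };
// keys that appear before any [section] header go into "default".
function parseExt(text) {
  const sections = { default: {} };
  let current = 'default';
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/#.*$/, '').trim(); // drop comments and padding
    const header = line.match(/^\[\s*([^\]]+?)\s*\]$/);
    const eq = line.indexOf('=');
    if (header) {
      current = header[1];
      sections[current] = sections[current] || {};
    } else if (eq > 0) {
      sections[current][line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
    }
  }
  return sections;
}

// Return the problems found for a leaf certificate meant for domainName.
function lintV3Ext(text, domainName) {
  const cfg = parseExt(text);
  const ext = cfg.default;
  const findings = [];
  if (!/^(critical\s*,\s*)?CA:FALSE$/i.test(ext.basicConstraints || '')) {
    findings.push('basicConstraints is not CA:FALSE');
  }
  if (/keyCertSign|cRLSign/.test(ext.keyUsage || '')) {
    findings.push('keyUsage allows signing certificates or CRLs');
  }
  // subjectAltName is either "@section" with DNS.n keys or an inline "DNS:" list.
  const san = ext.subjectAltName || '';
  const names = san.startsWith('@')
    ? Object.entries(cfg[san.slice(1)] || {}).filter(([k]) => /^DNS\.\d+$/.test(k)).map(([, v]) => v)
    : san.split(',').map((s) => s.trim()).filter((s) => s.startsWith('DNS:')).map((s) => s.slice(4));
  if (!names.includes(domainName)) findings.push('subjectAltName does not list ' + domainName);
  if (names.some((n) => /^\*(\.[^.]+)?$/.test(n))) findings.push('wildcard covers a whole top-level domain');
  return findings;
}

// Constructed samples: the page's template filled in, and a risky variant.
const GOOD_EXT = 'authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\n' +
  'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\n' +
  'subjectAltName = @alt_names\n\n[alt_names]\nDNS.1 = test.domain.dev\n';
const BAD_EXT = 'basicConstraints=CA:TRUE\nkeyUsage = digitalSignature, keyCertSign\n' +
  'subjectAltName = @alt_names\n\n[alt_names]\nDNS.1 = *.dev\n';
console.log(lintV3Ext(GOOD_EXT, 'test.domain.dev'), lintV3Ext(BAD_EXT, 'test.domain.dev'));
```

An empty result means the file matches the template shown above for the given domain; any finding is worth fixing before the certificate is signed by a root your OS trusts.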
Documentation
async function genRootCAKey(fileName, passout, passoutArg)
Generate an RSA-2048 key for the Root SSL certificate.
- fileName: Specify the key file name
- passout & passoutArg: (Optional) see the PASS PHRASE ARGUMENTS section in openssl
- return a fulfilled or rejected Promise with value [error, stdout, stderr]
async function reqRootCA(keyFile, fileName, config, passin, passoutArg)
Generate an RSA-2048 key for the Root SSL certificate.
- keyFile: root key file name
- fileName: root cert file name
- config: root config file name
- passin & passoutArg: (Optional) see the PASS PHRASE ARGUMENTS section in openssl
- return a fulfilled or rejected Promise with value [error, stdout, stderr]
async function genDomainCSR(domainName)
Generate an RSA-2048 key for the Root SSL certificate.
- domainName: Specify a domain name
- return a fulfilled or rejected Promise with value [error, stdout, stderr]
async function reqX509V3Cert(domainName, rootCAKey, rootCACert, rootCAserial, passin, passoutArg)
Generate an RSA-2048 key for the Root SSL certificate.
- domainName: domain name
- rootCAKey: root key file name
- rootCACert: root cert file name
- rootCAserial: (Optional) root srl file name, needed after the first sign.
- passin & passoutArg: (Optional) see the PASS PHRASE ARGUMENTS section in openssl
- return a fulfilled or rejected Promise with value [error, stdout, stderr]