
0.0.1 • Public • Published

Certificate Forger 📕

Command line tool for easily creating self-signed RSA certificates using the node-forge module.


  • The tool can be installed globally throught npm, then use cforge to access it:
npm install -g certificate-forger
cforge --help
  • It can also be installed locally in your module, you can then use npx to create certificates:
npm install certificate-forger
npx cforge --help

Certificate Creation 📜

Using the tool 🔨

The tool uses node-forge module to create a RSA keypair of the chosen size and a new certificate with the provided attributes and alternative options (if enabled). To use the tool execute the cforge command ans choose the options to enable:

> cforge --help OR npx cforge --help
Usage: cforge [options]

Generate X.509 PEM certificates using node-forge

  -V, --version  output the version number
  -a,--alt       Enable alternatives option (default: false)
  -o,--out       Output certificate to file (default: false)
  -h, --help     display help for command

Key-Size 🗝️

The tool provides 1024, 2048, 4096, 8192 key size options for the RSA keypair generation.

Options ⚙️

Exporting to PEM files 📂

Adding the -o or --out option will enable the prompr for providing an output directory location for storing the generated certificate, by default point to a certificate folder in the current working directory:

> cforge -o
✔ RSA Modulus Size › 2048
✔ Certificate Attibutes: (commonName=example.com) … CN=example.com, OU=Test
✔ Add more attributes? … yes
✔ Certificate Attibutes: (commonName=example.com) … *SU=Test
√ Output Location: ... /home/doth/certificates

The certificate and private key can be found in the chose location as shown below:

> ls ./certificates
cert.pem   pkey.pem
> cat ./certificates/cert.pem

Adding Alternative IPs & URIs 🔗

If you add the -a or --alt option, the tool will prompt for alternative IPs and URIs to add to the certificate. Both inputs can take multiple arguments using , as the seperator:

> cforge -a
√ Alternative IPs: ...,
√ Alternative URIs: ... http://server.com 

Adding OID Attributes 🔧

Certificate attributes must be in the format <name/*ShortName>=<value> (Use the * to add a ShortName identifier for the attribute instead of name). When adding attributes to the certificate, they should correspond to existing OIDs defined in the node-forge module, below is a list of the Object IDentifiers available to provide as attributes for the certificate:

    commonName: '',
    surname: '',
    serialNumber: '',
    countryName: '',
    localityName: '',
    stateOrProvinceName: '',
    streetAddress: '',
    organizationName: '',
    organizationalUnitName: '',
    title: '',
    description: '',
    businessCategory: '',
    postalCode: '',
    givenName: '',
    rsaEncryption: '1.2.840.113549.1.1.1',
    md5WithRSAEncryption: '1.2.840.113549.1.1.4',
    sha1WithRSAEncryption: '1.2.840.113549.1.1.5',
    'RSAES-OAEP': '1.2.840.113549.1.1.7',
    mgf1: '1.2.840.113549.1.1.8',
    pSpecified: '1.2.840.113549.1.1.9',
    'RSASSA-PSS': '1.2.840.113549.1.1.10',
    sha256WithRSAEncryption: '1.2.840.113549.1.1.11',
    sha384WithRSAEncryption: '1.2.840.113549.1.1.12',
    sha512WithRSAEncryption: '1.2.840.113549.1.1.13',
    EdDSA25519: '',
    'dsa-with-sha1': '1.2.840.10040.4.3',
    desCBC: '',
    sha1: '',
    sha1WithRSASignature: '',
    sha256: '2.16.840.',
    sha384: '2.16.840.',
    sha512: '2.16.840.',
    sha224: '2.16.840.',
    'sha512-224': '2.16.840.',
    'sha512-256': '2.16.840.',
    md2: '1.2.840.113549.2.2',
    md5: '1.2.840.113549.2.5',
    data: '1.2.840.113549.1.7.1',
    signedData: '1.2.840.113549.1.7.2',
    envelopedData: '1.2.840.113549.1.7.3',
    signedAndEnvelopedData: '1.2.840.113549.1.7.4',
    digestedData: '1.2.840.113549.1.7.5',
    encryptedData: '1.2.840.113549.1.7.6',
    emailAddress: '1.2.840.113549.1.9.1',
    unstructuredName: '1.2.840.113549.1.9.2',
    contentType: '1.2.840.113549.1.9.3',
    messageDigest: '1.2.840.113549.1.9.4',
    signingTime: '1.2.840.113549.1.9.5',
    counterSignature: '1.2.840.113549.1.9.6',
    challengePassword: '1.2.840.113549.1.9.7',
    unstructuredAddress: '1.2.840.113549.1.9.8',
    extensionRequest: '1.2.840.113549.1.9.14',
    friendlyName: '1.2.840.113549.1.9.20',
    localKeyId: '1.2.840.113549.1.9.21',
    x509Certificate: '1.2.840.113549.',
    keyBag: '1.2.840.113549.',
    pkcs8ShroudedKeyBag: '1.2.840.113549.',
    certBag: '1.2.840.113549.',
    crlBag: '1.2.840.113549.',
    secretBag: '1.2.840.113549.',
    safeContentsBag: '1.2.840.113549.',
    pkcs5PBES2: '1.2.840.113549.1.5.13',
    pkcs5PBKDF2: '1.2.840.113549.1.5.12',
    pbeWithSHAAnd128BitRC4: '1.2.840.113549.',
    pbeWithSHAAnd40BitRC4: '1.2.840.113549.',
    'pbeWithSHAAnd3-KeyTripleDES-CBC': '1.2.840.113549.',
    'pbeWithSHAAnd2-KeyTripleDES-CBC': '1.2.840.113549.',
    'pbeWithSHAAnd128BitRC2-CBC': '1.2.840.113549.',
    'pbewithSHAAnd40BitRC2-CBC': '1.2.840.113549.',
    hmacWithSHA1: '1.2.840.113549.2.7',
    hmacWithSHA224: '1.2.840.113549.2.8',
    hmacWithSHA256: '1.2.840.113549.2.9',
    hmacWithSHA384: '1.2.840.113549.2.10',
    hmacWithSHA512: '1.2.840.113549.2.11',
    'des-EDE3-CBC': '1.2.840.113549.3.7',
    'aes128-CBC': '2.16.840.',
    'aes192-CBC': '2.16.840.',
    'aes256-CBC': '2.16.840.',
    jurisdictionOfIncorporationStateOrProvinceName: '',
    jurisdictionOfIncorporationCountryName: '',
    nsCertType: '2.16.840.1.113730.1.1',
    nsComment: '2.16.840.1.113730.1.13',
    '': 'authorityKeyIdentifier',
    '': 'keyAttributes',
    '': 'certificatePolicies',
    '': 'keyUsageRestriction',
    '': 'policyMapping',
    '': 'subtreesConstraint',
    '': 'subjectAltName',
    '': 'issuerAltName',
    '': 'subjectDirectoryAttributes',
    '': 'basicConstraints',
    '': 'nameConstraints',
    '': 'policyConstraints',
    '': 'basicConstraints',
    subjectKeyIdentifier: '',
    keyUsage: '',
    subjectAltName: '',
    issuerAltName: '',
    basicConstraints: '',
    '': 'cRLNumber',
    '': 'cRLReason',
    '': 'expirationDate',
    '': 'instructionCode',
    '': 'invalidityDate',
    '': 'cRLDistributionPoints',
    '': 'issuingDistributionPoint',
    '': 'deltaCRLIndicator',
    '': 'issuingDistributionPoint',
    '': 'certificateIssuer',
    '': 'nameConstraints',
    cRLDistributionPoints: '',
    certificatePolicies: '',
    '': 'policyMappings',
    '': 'policyConstraints',
    authorityKeyIdentifier: '',
    '': 'policyConstraints',
    extKeyUsage: '',
    '': 'freshestCRL',
    '': 'inhibitAnyPolicy',
    timestampList: '',
    authorityInfoAccess: '',
    serverAuth: '',
    clientAuth: '',
    codeSigning: '',
    emailProtection: '',
    timeStamping: ''


Current Tags

VersionDownloads (Last 7 Days)Tag

Version History

VersionDownloads (Last 7 Days)Published

Package Sidebar


npm i certificate-forger

Weekly Downloads






Unpacked Size

25 kB

Total Files


Last publish


  • doth-j