
myca-cli

waitingsong · 12 · MIT · 5.1.0 · TypeScript support: included

Command-line tool for creating a self-signed CA certificate for development use and issuing server or client certificates, generated using openssl

CA, cert, csr, certificate, ec, ecc, Elliptic Curve, openssl, pkcs, PKCS8, PKCS12, pfx, p12, P-256, P-384, prime256v1, secp384r1, RSA, self signed, SAN, SSL, TLS, x509

readme

myca

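Use openssl and node.js to create your own CA center (a self-signed CA certificate, or an intermediate CA certificate issued by a parent CA) and issue self-signed digital certificates. Supports creating multiple CA centers. Supports the RSA and EC (P-256, P-384) algorithms.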


Installation

npm install --save myca

CLI (command line)

  • myca-cli
  • Install: npm i -g myca-cli
  • Command-line help
    • myca
    • myca initca -h
    • myca issue -h
  • Example

    myca initca --days=10950 --alg=ec --pass=capass \
      --cn="Root CA" --ou="waitingsong.com" --o="waitingsong" --l="CD" --c=CN
    myca issue --kind=server --days=3650 --pass=mypass \
      --cn="waitingsong.com" --o="waitingsong" --c=CN --caKeyPass=capass \
      --centerName=default --alg=ec \
      --ips="127.0.0.1, 192.168.0.1" \
      --SAN="localhost"
    myca issue --kind=client --days=3650 --pass=mypass \
      --cn="client" --o="it" --c=CN --caKeyPass=capass \
      --centerName=default --alg=ec

Usage

  • Initialize the default center

    import { initDefaultCenter } from 'myca'
    
    await initDefaultCenter()
  • Initialize the self-signed CA certificate of the default center

    import { initCaCert } from 'myca'
    
    const opts = {
      days: 10950,  // 30 years
      pass: 'mycapass',
      CN: 'My Root CA',    // Common Name
      O: 'My Company',   // Organization Name (eg, company)
      C: 'CN',   // Country Name (2 letter code)
    }
    await initCaCert(opts)
  • Issue an RSA server certificate

    import { genCert } from 'myca'
    
    const opts = {
      caKeyPass: 'mycapass',
      kind: 'server',   // server cert
      days: 730,
      pass: 'fooo',   // at least 4 letters
      CN: 'www.waitingsong.com',    // Common Name
      OU: '',   // Organizational Unit Name
      O: '',   // Organization Name
      L: '',    // Locality Name (eg, city)
      ST: '',   // State or Province Name
      C: 'CN',   // Country Name (2 letter code)
      emailAddress: '',
    }
    const ret = await genCert(opts)
    console.log(ret.cert)
    console.log(ret.crtFile)
    console.log(ret.privateUnsecureKey)
  • Create an additional center and self-sign a CA certificate using the EC algorithm (P-256 by default)

    import { initCenter, initCaCert } from 'myca'
    
    // center name (centerName): ec, path: /opt/center-ec/ (optional)
    await initCenter('ec', '/opt/center-ec')
    await initCaCert({
      centerName: 'ec',
      alg: 'ec',
      days: 10950,
      pass: 'mycapass',
      CN: 'My Root CA',
      O: 'My Company',
      C: 'CN',
    })
  • Issue an RSA server certificate using a specified center

    import { genCert } from 'myca'
    
    const opts = {
      centerName: 'ec',  // <--- specify the center name: ec
      caKeyPass: 'mycapass',
      kind: 'server',
      days: 730,
      pass: 'fooo',
      CN: 'www.waitingsong.com',
      C: 'CN',
    }
    const ret = await genCert(opts)
    console.log(ret.cert)
    console.log(ret.crtFile)
    console.log(ret.privateUnsecureKey)
  • Issue a SAN multi-domain server certificate

    import { genCert } from 'myca'
    
    const opts = {
      caKeyPass: 'mycapass',
      kind: 'server',
      days: 730,
      pass: 'fooo',
      CN: 'www.waitingsong.com',
      C: 'CN',
      SAN: ['foo.waitingsong.com', 'bar.waitingsong.com'],
    }
    await genCert(opts)
  • Issue a SAN multi-IP server certificate

    import { genCert } from 'myca'
    
    const opts = {
      caKeyPass: 'mycapass',
      kind: 'server',
      days: 730,
      pass: 'fooo',
      CN: 'www.waitingsong.com',
      C: 'CN',
      // https://www.tbs-certificates.co.uk/FAQ/en/normes_tld.html
      // 10.0.0.0 – 10.255.255.255
      // 172.16.0.0 – 172.31.255.255
      // 192.168.0.0 – 192.168.255.255
      ips: ['127.0.0.1', '192.168.0.1'], // IP masks are not supported
    }
    const ret = await genCert(opts)
    console.log(ret.cert)
  • Issue an RSA p12/pfx client certificate

    import { genCert } from 'myca'
    
    const opts = {
      caKeyPass: 'mycapass',
      kind: 'client',   // pfx cert
      days: 730,
      pass: 'fooo',   // at least 4 letters
      CN: 'www.waitingsong.com',    // Common Name
      C: 'CN',   // Country Name (2 letter code)
    }
    const ret = await genCert(opts)
    console.log(ret.pfxFile)
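
A pre-flight check for the option objects shown above, as an added example that is not part of myca or its README: it applies the constraints the comments state (a pass of at least 4 characters, a 2-letter country code, no IP masks in `ips`) before anything reaches `genCert()`. `checkIssueOptions`, `isBareIPv4` and `isDnsName` are hypothetical helpers; the IPv4-only and DNS-name rules are assumptions, not the library's own validation.

```javascript
// Added example (not part of myca): pre-flight checks for a genCert() options object.
// The rules restate constraints from the README comments; they are assumptions about
// what the library accepts, not myca's own validation code.
const KINDS = ['server', 'client'] // the two kinds shown in the README

// Strict dotted-quad IPv4: four octets 0-255, no leading zeros, no /mask suffix.
function isBareIPv4(value) {
  if (typeof value !== 'string') return false
  const parts = value.split('.')
  return parts.length === 4 &&
    parts.every(p => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255)
}

// DNS name built from letter-digit-hyphen labels; one leading "*." label is allowed.
function isDnsName(value) {
  if (typeof value !== 'string' || value.length > 253) return false
  const name = value.startsWith('*.') ? value.slice(2) : value
  return name.split('.').every(l => /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i.test(l))
}

// Returns a list of human-readable problems; an empty list means the options pass.
function checkIssueOptions(opts) {
  const problems = []
  if (!KINDS.includes(opts.kind)) problems.push(`kind: expected one of ${KINDS.join(', ')}`)
  if (String(opts.pass ?? '').length < 4) problems.push('pass: needs at least 4 characters')
  if (!/^[A-Z]{2}$/.test(opts.C ?? '')) problems.push('C: expected a 2-letter country code')
  if (!opts.CN) problems.push('CN: missing')
  for (const ip of opts.ips ?? []) {
    if (String(ip).includes('/')) problems.push(`ips: ${ip} carries a mask; list single addresses`)
    else if (!isBareIPv4(ip)) problems.push(`ips: ${ip} is not an IPv4 address`)
  }
  for (const name of opts.SAN ?? []) {
    if (isBareIPv4(name)) problems.push(`SAN: ${name} is an IP address; put it in ips`)
    else if (!isDnsName(name)) problems.push(`SAN: ${name} is not a valid DNS name`)
  }
  return problems
}

// Constructed sample input modelled on the README's SAN examples, with three mistakes.
const sample = {
  caKeyPass: 'mycapass', kind: 'server', days: 730, pass: 'foo',
  CN: 'www.waitingsong.com', C: 'CN',
  SAN: ['foo.waitingsong.com', '192.168.0.1'],
  ips: ['127.0.0.1', '192.168.0.0/24'],
}
console.log(checkIssueOptions(sample))
```
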


License

MIT


changelog

Change Log

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

5.1.0 (2023-08-21)

Features

  • cli: use tsx instead of ts-node-esm as cli Hashbang (c70d916)

5.0.0 (2023-07-26)

Features

  • myca: genIssueSubj() not allow value of Array (4c2d50e)
  • myca: update types for ca cert generation (083533a)

4.2.0 (2023-07-26)

Features

  • myca-cli: detect confusing command within parseCmd() (c3018ba)

4.1.7 (2023-07-25)

Note: Version bump only for package myca

4.1.6 (2023-07-24)

Bug Fixes

4.1.5 (2023-07-24)

Note: Version bump only for package myca

4.1.4 (2023-07-24)

Bug Fixes

  • myca-cli: value of centerName and centerPath within initCenterCli() (03bc699)

4.1.3 (2023-07-21)

Bug Fixes

4.1.2 (2023-07-21)

Bug Fixes

  • myca: genCert() not use kind during create csr (1f594b3)
  • myca: tmp files not removed (f4a0d14)
  • myca: tpl.conf.client (e835bf2)

4.1.1 (2023-07-21)

Note: Version bump only for package myca

4.1.0 (2023-07-21)

Bug Fixes

  • myca-cli: parseCliArgs() argv not merged (e77b028)
  • myca: options.caKeyPass may be number (4475d57)
  • myca: trim serialContent (ef73676)

Features

  • myca-cli: pass debug to issueCli() (1b1fcde)
  • myca: add debug parameter of functions (99bc860)
  • myca: options of runOpenssl() accepts debug property (77dd565)
  • myca: set param conf of genCert() Partial (eb26f7a)
  • myca: update tpl.conf.server (8ca83fb)

4.0.4 (2023-07-21)

Note: Version bump only for package npm-mono-base

4.0.3 (2023-07-20)

Bug Fixes

4.0.2 (2023-07-20)

Note: Version bump only for package npm-mono-base

4.0.1 (2023-07-20)

Note: Version bump only for package npm-mono-base

4.0.0 (2023-07-20)

Bug Fixes

  • catch test error (5efe156)
  • createDir() path resolve under linux (c6d1274)
  • deps, peerDeps might empty (e3ab52b)
  • error TS1345: An expression of type 'void' cannot be tested for truthiness (0085713)
  • options not covered within createFile() (a2ae4e8)
  • path require parse by normalize() within createDir() (371a313)
  • revert ts-node to '5.0.1' (cc83ade)
  • rimraf() got "no such file or directory" if unlink a file (2680611)
  • rimraf() rm folder (87fe6d5)
  • tslint: no-unused-variable rule (d0ce43a)
  • wrong variable within createFile() (49ac701)

Features

  • add assertNever() (6eb9349)
  • add assertNeverObb() (91da144)
  • add isPathAcessible() (7eb000b)
  • add lib/shared.ts (6915fb1)
  • add logger() (5d603c5)
  • add Observable functions (c9364db)
  • change logger() to accept more args (b5d0ca4)
  • compile output bundle file without minify (0b78ba1)
  • do isPathAccessible() first within isDirFileExists() (9ddae98)
  • export basename() from shared (7e93fd7)
  • export dirname() (0db2a50)
  • export native assert() (683cea8)
  • export os.tmpdir() (1cc1f3e)
  • export rmdirAsync() and rimraf() (4ef519a)
  • export statAsync (c832590)
  • output esm.min.js (f6c729f)
  • parse peerDependencies as external (dfdd73e)
  • parseUMDName() (6e7164f)
  • remove log() and logger() (27e1e29)

Reverts

Change Log

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

3.2.0 (2019-01-23)

3.1.1 (2019-01-22)

3.1.0 (2019-01-22)

Features

  • initCenter(centerName, path?) path is optional (862ad34)

3.0.1 (2019-01-21)

Bug Fixes

  • createDir() path resolve under linux (c6d1274)

Features

  • add Observable functions (c9364db)
  • do isPathAccessible() first within isDirFileExists() (9ddae98)
  • export statAsync (c832590)