node-opcua-pki
Create a Certificate Authority
folder | description |
---|---|
PKI\CA | Certificate Authority |
PKI\rejected | Certificates that are rejected - regardless of validity |
PKI\trusted | |
PKI\issuers | |
PKI\issuers\crl | |
PKI\issuers\certs | |
commands
command | Help |
---|---|
demo | create default certificate for node-opcua demos |
createCA | create a Certificate Authority |
createPKI | create a Public Key Infrastructure |
certificate | create a new certificate |
revoke | revoke an existing certificate |
dump | display a certificate |
toder | convert a certificate to a DER format |
fingerprint | print the certificate fingerprint |
Options: --help display help
Create a certificate authority
option | description | default value |
---|---|---|
--subject | the CA certificate subject | "/C=FR/ST=IDF/L=Paris/O=Local NODE-OPCUA Certificate Authority/CN=NodeOPCUA-CA" |
--root, -r | the location of the Certificate folder | "{CWD}/certificates" |
--CAFolder, -c | the location of the Certificate Authority folder | "{root}/CA" |
--keySize, -k, --keyLength | the private key size in bits (1024, 2048, 3072, 4096) | 2048 |
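A pre-flight check for the createCA options in the table above, as an added example that is not part of node-opcua-pki: it validates the subject and key size and returns an argument array, so the subject (which contains spaces) is never spliced into a shell string. The names `parseSubject` and `buildCreateCAArgs` and the 2048-bit policy minimum are assumptions made for this example.

```javascript
// Added example, not node-opcua-pki code: pre-flight check for createCA options.
const ALLOWED_KEY_SIZES = [1024, 2048, 3072, 4096]; // sizes listed in the options table
const MIN_KEY_SIZE = 2048; // assumption: local policy refuses the 1024-bit option

// Split an OpenSSL-style subject ("/C=FR/O=Acme/CN=x") into attribute/value pairs.
// Simplification: an escaped "/" inside a value is not supported.
function parseSubject(subject) {
  if (typeof subject !== "string" || !subject.startsWith("/")) {
    throw new Error("subject must be a string starting with '/'");
  }
  const fields = {};
  for (const part of subject.slice(1).split("/")) {
    const eq = part.indexOf("=");
    if (eq <= 0 || eq === part.length - 1) {
      throw new Error(`malformed subject component: "${part}"`);
    }
    fields[part.slice(0, eq)] = part.slice(eq + 1);
  }
  if (!fields.CN) throw new Error("subject has no CN");
  if (fields.C && !/^[A-Z]{2}$/.test(fields.C)) {
    throw new Error("C must be a two-letter country code");
  }
  return fields;
}

// Apply the defaults read from the table ({CWD}/certificates, {root}/CA, 2048 bits),
// validate, and return an argument array (no shell string is ever built).
function buildCreateCAArgs({ subject, root, caFolder, keySize = 2048, cwd = process.cwd() }) {
  parseSubject(subject);
  if (!ALLOWED_KEY_SIZES.includes(keySize)) {
    throw new Error(`unsupported key size: ${keySize}`);
  }
  if (keySize < MIN_KEY_SIZE) {
    throw new Error(`key size ${keySize} is below the policy minimum ${MIN_KEY_SIZE}`);
  }
  const resolvedRoot = root ?? `${cwd}/certificates`;
  const resolvedCA = caFolder ?? `${resolvedRoot}/CA`;
  return ["createCA", "--subject", subject, "--root", resolvedRoot,
          "--CAFolder", resolvedCA, "--keySize", String(keySize)];
}

// Constructed sample input: the default subject from the table above.
const DEMO_SUBJECT = "/C=FR/ST=IDF/L=Paris/O=Local NODE-OPCUA Certificate Authority/CN=NodeOPCUA-CA";
console.log(["crypto_create_CA", ...buildCreateCAArgs({ subject: DEMO_SUBJECT, keySize: 3072 })]);
```

The returned array is meant to be handed to a process-spawning call that takes arguments as a list, with `crypto_create_CA` as the executable.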
demo command
This command creates a set of certificates with various characteristics for demo and testing purposes.
crypto_create_CA demo [--dev] [--silent] [--clean]
Options:
option | description | default value |
---|---|---|
--help | display help | |
--dev | create all sort of fancy certificates for dev testing purposes | |
--clean | Purge existing directory [use with care!] | |
--silent, -s | minimize output | |
--root, -r | the location of the Certificate folder | {CWD}/certificates |
Example:
$ crypto_create_CA demo --dev
certificate command
$ crypto_create_CA certificate --help
Options:
option | description | default value |
---|---|---|
--help | display help | |
--applicationUri, -a | the application URI | urn:{hostname}:Node-OPCUA-Server |
--output, -o | the name of the generated certificate | my_certificate.pem |
--selfSigned, -s | if true, the certificate will be self-signed | false |
--validity, -v | the certificate validity in days | |
--silent, -s | minimize output | |
--root, -r | the location of the Certificate folder | {CWD}/certificates |
--CAFolder, -c | the location of the Certificate Authority folder | {root}/CA |
--PKIFolder, -p | the location of the Public Key Infrastructure | {root}/PKI |
--privateKey, -p | optional: the private key to use to generate certificate | |
--subject | the certificate subject (for instance /C=FR/ST=Centre/L=Orleans/O=SomeOrganization/CN=Hello) | |
prerequisite:
This module requires OpenSSL or LibreSSL to be installed.
On Windows, a version of OpenSSL is automatically downloaded and installed at run time if not present. You will need an open internet connection.
On Linux (or in your Docker image) and on macOS, you need to install it yourself:
- on ubuntu/debian:
apt install openssl
- on alpine:
apk add openssl
note:
- do not upgrade update-notifier above 4.x.x until nodejs 8 is required
support:
Getting professional support
NodeOPCUA PKI is developed and maintained by sterfive.com.
To get professional support, consider subscribing to the node-opcua membership community:
or contact sterfive for dedicated consulting and more advanced support.
❤️ Supporting the development effort - Sponsors & Backers
If you like node-opcua-pki and rely on it in one of your projects, please consider becoming a backer and sponsoring us. This will help us maintain a high-quality stack and the constant evolution of this module.
If your company would like to participate and influence the development of future versions of node-opcua please contact sterfive.