README
node-opcua-pki
Create a Certificate Authority
PKI\CA Certificate Authority
PKI\rejected Certificates that are rejected - regardless of validity
PKI\trusted
PKI\issuers
PKI\issuers\crl
PKI\issuers\certs
commands
| command | Help |
|---|---|
| demo | create default certificate for node-opcua demos |
| createCA | create a Certificate Authority |
| createPKI | create a Public Key Infrastructure |
| certificate | create a new certificate |
| revoke | revoke an existing certificate |
| dump | display a certificate |
| toder | convert a certificate to a DER format |
| fingerprint | print the certificate fingerprint |
Options: --help display help
Create a certificate authority
| default value | ||
|---|---|---|
--subject |
the CA certificate subject | "/C=FR/ST=IDF/L=Paris/O=Local NODE-OPCUA Certificate Authority/CN=NodeOPCUA-CA" |
--root, -r |
the location of the Certificate folder | "{CWD}/certificates" |
--CAFolder, -c |
the location of the Certificate Authority folder | "{root}/CA"] |
--keySize, -k, --keyLength |
the private key size in bits (1024 | 2048 ,3072, 4096 ,2048 |
demo command
this command create a bunch of certificates with various characteristics for demo and testing purposes.
crypto_create_CA demo [--dev] [--silent] [--clean]
Options:
| --help | display help | |
| --dev | create all sort of fancy certificates for dev testing purposes | |
| --clean | Purge existing directory [use with care!] | |
| --silent, -s | minimize output | |
| --root, -r | the location of the Certificate folder | {CWD}/certificates |
Example:
$crypto_create_CA demo --dev
certificate command
$crypto_create_CA certificate --help
Options:
| --help | display help | |
| --applicationUri, -a | the application URI | urn:{hostname}:Node-OPCUA-Server |
| --output, -o | the name of the generated certificate | my_certificate.pem |
| --selfSigned, -s | if true, the certificate will be self-signed | false |
| --validity, -v | the certificate validity in days | |
| --silent, -s | minimize output | |
| --root, -r | the location of the Certificate folder | {CWD}/certificates |
| --CAFolder, -c | the location of the Certificate Authority folder | {root}/CA |
| --PKIFolder, -p | the location of the Public Key Infrastructure | {root}/PKI |
| --privateKey, -p | optional:the private key to use to generate certificate | |
| --subject | the certificate subject ( for instance /C=FR/ST=Centre/L=Orleans/O=SomeOrganization/CN=Hello ) |
References
- https://www.entrust.com/wp-content/uploads/2013/05/pathvalidation_wp.pdf
- https://en.wikipedia.org/wiki/Certification_path_validation_algorithm
- https://tools.ietf.org/html/rfc5280
prerequisite:
This modules requires OpenSSL or LibreSSL to be installed.
On Windows, a version of OpenSSL is automatically downloaded and installed at run time, if not present. You will need a internet connection open.
You need to install it on Linux, (or in your docker image), or on MacOS
- on ubuntu/debian:
apt install openssl
or alpine:
apk add openssl
note:
- do not upgrade update-notifier above 4.x.x until nodejs 8 is required
support:
Getting professional support
NodeOPCUA PKI is developed and maintained by sterfive.com.
To get professional support, consider subscribing to the node-opcua membership community:
or contact sterfive for dedicated consulting and more advanced support.
:heart: Supporting the development effort - Sponsors & Backers
If you like node-opcua-pki and if you are relying on it in one of your projects, please consider becoming a backer and sponsoring us, this will help us to maintain a high-quality stack and constant evolution of this module.
If your company would like to participate and influence the development of future versions of node-opcua please contact sterfive.