Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How can I generate self signed root CA certificate , and then generate certificates signed by the CA? #13

Open
zszszsz opened this issue Jul 9, 2016 · 5 comments · May be fixed by #43
Open

How can I generate self signed root CA certificate , and then generate certificates signed by the CA? #13

zszszsz opened this issue Jul 9, 2016 · 5 comments · May be fixed by #43

Comments

@zszszsz
Copy link

zszszsz commented Jul 9, 2016

thanks a lot for that , I dont know much about how certificates work.
@PascalPuchtler
Copy link

Hey, you have to add the keyPari in the options form the generation of the certifact.
Here is an examle code that show, how to insert the keypair into the client certificat generation.

`
let selfsigned = require('selfsigned');
let root_cert = selfsigned.generate();

//here you can save the root certifacte and load it, if you need

let key_pair = {
privateKey: root_cert.private,
publicKey: root_cert.public
}

let attrs_options = {
keyPair:key_pair,
clientCertificate: true,
clientCertificateCN: '192.168.1.1.'
}

let client_cert = selfsigned.generate(attrs_root, attrs_options);`

@apoutchika
Copy link

Hello,

I try this code, i have NET::ERR_CERT_COMMON_NAME_INVALID :

const https = require('https')
const app = require('express')()
const selfsigned = require('selfsigned')
const fs = require('fs-extra')

if (!fs.pathExistsSync('./root.json')) {
  const rootCA = selfsigned.generate(
    [{ name: 'commonName', value: 'titi.devel' }],
    {
      keySize: 2048,
      algorithm: 'sha256'
    }
  )
  fs.writeFileSync('./root.json', JSON.stringify(rootCA, null, 2))

  // save rootCA.cert and add it in chrome://settings/certificates Autority
  fs.writeFileSync('./root.crt', rootCA.cert)
}

const rootCA = require('./root.json')

const cert = selfsigned.generate(
  [{ name: 'commonName', value: 'titi.devel' }],
  {
    keySize: 2048,
    keyPair: {
      privateKey: rootCA.private,
      publicKey: rootCA.public
    },
    algorithm: 'sha256'
  }
)

app.get('/', (req, res) => res.send('ok'))

const httpsServer = https.createServer(
  {
    key: cert.private,
    cert: cert.cert
  },
  app
)
httpsServer.listen(443)

After add root cert in chrome autority, when i go to https://titi.devel (got to my localhost), i have a certificat not trust error :
image

When open certificat, titi.devel is here :
image

When I make it with openssl, it work fine, but i want auto generate certificate with nodejs for many domain...

What did I not understand ?

Thank you for you'r help

@PascalPuchtler
Copy link

Hey,

i did not test it, but in my oppinion you need the following params:

clientCertificate: true
clientCertificateCN: 'titi.devel'

can you try it and give a response?

@apoutchika
Copy link

apoutchika commented Jun 22, 2020
edited
Loading

Hello,

Thank you for you're response. I have found the solution, it's because the Issuer attribute is the same of Subject attribute :
https://github.com/jfromaniello/selfsigned/blob/master/index.js#L67

I directly use node-forge for generate my certificate, it's work fine (the selfsigned code very help me for use node-forge plugin ;) )

@Envek Envek linked a pull request Sep 22, 2020 that will close this issue
Open
3 tasks
@Envek
Copy link

Envek commented Sep 22, 2020

Folks, please try #43 which implements certificate generation signed by your own CA.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow to use private CA certificate and key pair to issue certificates Envek/selfsigned
4 participants
@Envek @apoutchika @zszszsz @PascalPuchtler