How to use the node-forge.pki.createCertificate function in node-forge
To help you get started, we’ve selected a few node-forge examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
mreinstein / alexa-verifier / test / validate-cert.js View on Github 
function createInvalidCert () {
var keys = pki.rsa.generateKeyPair(512)
var cert = pki.createCertificate()
cert.publicKey = keys.publicKey
// alternatively set public key from a csr
//cert.publicKey = csr.publicKey
cert.serialNumber = '01'
cert.validity.notBefore = new Date()
cert.validity.notAfter = new Date()
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1)
var attrs = [{
name: 'commonName',
value: 'example.org'
}, {
name: 'countryName',
value: 'US'
}, {
shortName: 'ST',
value: 'Virginia'.then(({privateKey, publicKey}) => {
const cert = pki.createCertificate();
cert.publicKey = publicKey;
const date = moment();
cert.validity.notBefore = date.clone().toDate();
cert.validity.notAfter = date.clone().add(cfg.days, 'days').toDate();
cert.serialNumber = serialNumber || crypto.randomBytes(serialNumberBytes).toString('hex');
// Apply subject attributes
const subject = buildSubjectFromOptions({commonName, attributes});
cert.setSubject(subject);
cert.setIssuer(subject);
// Apply template to certificate
if (templates[cfg.template].buildCA) {
templates[cfg.template].buildCA(cert, {commonName});
}
cert.sign(privateKey, md.sha256.create());
return {privateKey, cert};
})generateCertificate(domain: string): GeneratedCertificate {
// TODO: Expire domains from the cache? Based on their actual expiry?
if (this.certCache[domain]) return this.certCache[domain];
let cert = pki.createCertificate();
cert.publicKey = KEYS.publicKey;
cert.serialNumber = uuid().replace(/-/g, '');
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
// TODO: shorten this expiry
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
cert.setSubject([
{ name: 'commonName', value: domain },
{ name: 'organizationName', value: 'Mockttp Cert - DO NOT TRUST' }
]);
cert.setIssuer(this.caCert.subject.attributes);
cert.setExtensions([{.then(({csr, index, serial}) => {
if (!csr.verify()) {
throw new Error('The certificate request file is not in a valid X509 request format.');
}
const cert = pki.createCertificate();
cert.publicKey = csr.publicKey;
cert.serialNumber = serialNumber || crypto.randomBytes(serialNumberBytes).toString('hex');
const date = moment();
cert.validity.notBefore = date.clone().toDate();
cert.validity.notAfter = date.clone().add(cfg.days, 'days').toDate();
// Apply subject attributes
const subject = buildSubjectFromOptions({commonName, attributes});
cert.setSubject(subject);
cert.setIssuer(this.ca.cert.subject.attributes);
// Apply template to certificate
if (templates[cfg.template].signReq) {
templates[cfg.template].signReq(cert, {subject, type, ca: this.ca});
}
cert.sign(this.ca.privateKey, md.sha256.create());
return Promise.resolve({cert, serial, commonName})
.tap(() => {function createCertificateAuthority(keyPair: pki.KeyPair): CertificateAuthorityPair {
const startDate = new Date();
const certificate = pki.createCertificate();
certificate.publicKey = keyPair.publicKey;
certificate.serialNumber = getSerial();
certificate.validity.notBefore = startDate;
certificate.validity.notAfter = getExpirationDate(startDate);
certificate.setExtensions([{
name: 'basicConstraints',
cA: true
}]);
const attributes = [
{
name: 'commonName',
value: 'phoenixmatrix_do_not_trust'
},
{
name: 'organizationName',function getCertKeyPair() {
const pki = require('node-forge').pki;
var keys = pki.rsa.generateKeyPair(1024);
var cert = pki.createCertificate();
cert.publicKey = keys.publicKey;
cert.serialNumber = '01';
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
var attrs = [{
name: 'commonName',
value: 'example.org'
}, {
name: 'countryName',
value: 'US'
}, {
shortName: 'ST',
value: 'Virginia'
}, {
name: 'localityName',name: 'organizationName',
value: 'do_not_trust_phoenixmatrix'
}, {
name: 'countryName',
value: 'US'
}];
csr.setSubject(attrs);
csr.sign(keys.privateKey, md.sha256.create());
const caKeyPem = yield fs.readFileAsync(caKeyPath);
const caKey = pki.privateKeyFromPem(caKeyPem);
const caCertPem = yield fs.readFileAsync(caCertPath);
const caCert = pki.certificateFromPem(caCertPem);
var certificate = pki.createCertificate();
certificate.serialNumber = getSerial();
certificate.validity.notBefore = new Date();
const expiration = moment(certificate.validity.notBefore);
expiration.add(config.certificateExpiration, 'days');
certificate.validity.notAfter = expiration.toDate();
certificate.setSubject(csr.subject.attributes);
certificate.setIssuer(caCert.subject.attributes);
certificate.publicKey = csr.publicKey;
certificate.sign(caKey, md.sha256.create());
const serverCertificate = pki.certificateToPem(certificate);
const serverKey = pki.privateKeyToPem(keys.privateKey);
yield Promise.all([const createCertificateAuthority = async(function* () {
const certificate = pki.createCertificate();
certificate.publicKey = keys.publicKey;
certificate.serialNumber = getSerial();
certificate.validity.notBefore = new Date();
certificate.validity.notAfter = new Date();
certificate.validity.notAfter.setFullYear(certificate.validity.notBefore.getFullYear() + 1);
const attrs = [{
name: 'commonName',
value: 'phoenixmatrix_do_not_trust'
}, {
name: 'organizationName',
value: 'do_not_trust_phoenixmatrix'
}, {
name: 'countryName',
value: 'US'
}];node-forge
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Package Health Score
77 / 100Popular node-forge functions
- node-forge.asn1
- node-forge.cipher
- node-forge.jsbn
- node-forge.md
- node-forge.pem
- node-forge.pkcs12
- node-forge.pkcs5
- node-forge.pkcs7
- node-forge.pki
- node-forge.pki.certificateFromPem
- node-forge.pki.certificateToPem
- node-forge.pki.createCertificate
- node-forge.pki.privateKeyFromPem
- node-forge.pki.privateKeyToPem
- node-forge.pki.publicKeyFromPem
- node-forge.pki.publicKeyToPem
- node-forge.pki.rsa
- node-forge.random
- node-forge.rsa
- node-forge.util