new ClientCertFactory(binpath, root_cert, domains, hash, curve, lifetime_days, subject_base)
ClientCertFactory properties.
This function will throw an exception if the OpenSSL binary is not found.
Parameters:
Name | Type | Default | Description |
---|---|---|---|
binpath | string | | A path to the OpenSSL binary; if falsey, the global one is used. |
root_cert | string | | The PEM string representing the root certificate authority. |
domains | Array | | An array of DNS names to allow the certificates to authenticate. |
hash | string | sha256 | A string representing the hash function to sign the certificate with (e.g. sha256). |
curve | string | prime256v1 | The name of the elliptic curve to use (from `openssl ecparam -list_curves`). Different curves may or may not be supported by the version of OpenSSL you are using. |
lifetime_days | number | 200 | The number of days to issue certificates for. Certificates will automatically be valid from the time issued. |
subject_base | Object | | An object specifying some information to put on all the certificates. |
Methods
(async) create_cert(root_priv_key, common_name, use_extensions) → {Object}
Create a client certificate.
Parameters:
Name | Type | Default | Description |
---|---|---|---|
root_priv_key | string | | The private key of the root certificate provided in the constructor, in PEM format. This argument is passed here instead of the constructor to allow removing the key from memory when it is not in use. |
common_name | string | | Common name to use for the certificate; should be something unique/generated. |
use_extensions | boolean | true | Whether or not to use extensions restricting the use of the issued certificate. |
Returns:
An object with all of the generated values. `key` is the private key in PEM format, `key_raw` is just the private key in base64, and `fingerprint` is the sha256 fingerprint of the client certificate, in the format provided by the nodejs TLS engine.
- Type
- Object
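
A server that stores the returned `fingerprint` can compare it with the certificate a client later presents. The following is an added example, not code from this library: the helper names are hypothetical, and the sample PEM is constructed from placeholder bytes rather than a real certificate (the fingerprint is a SHA-256 over the decoded bytes, so the arithmetic is the same).

```javascript
const crypto = require('node:crypto');

// Constructed sample: a PEM wrapper around the placeholder bytes "abc".
// A real certificate issued by the factory would be used in practice.
const SAMPLE_PEM = [
  '-----BEGIN CERTIFICATE-----',
  'YWJj',
  '-----END CERTIFICATE-----',
].join('\n');

// Decode the first CERTIFICATE block of a PEM string to its DER bytes.
function pemToDer(pem) {
  const m = /-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----/.exec(pem);
  if (!m) throw new Error('no CERTIFICATE block found');
  return Buffer.from(m[1].replace(/\s+/g, ''), 'base64');
}

// SHA-256 over the DER bytes, formatted the way Node's TLS layer reports
// it in getPeerCertificate().fingerprint256: uppercase hex pairs joined by ':'.
function fingerprint256(der) {
  const hex = crypto.createHash('sha256').update(der).digest('hex').toUpperCase();
  return hex.match(/../g).join(':');
}

// Compare a presented fingerprint with the stored one. Both are normalised
// to 32 raw bytes first, so case or separator differences do not matter and
// malformed input is rejected before the constant-time comparison.
function fingerprintMatches(presented, stored) {
  const norm = (s) => Buffer.from(String(s).replace(/:/g, '').toLowerCase(), 'hex');
  const a = norm(presented);
  const b = norm(stored);
  return a.length === 32 && b.length === 32 && crypto.timingSafeEqual(a, b);
}

// In a TLS server with requestCert enabled, the presented value would come
// from socket.getPeerCertificate().fingerprint256.
const stored = fingerprint256(pemToDer(SAMPLE_PEM));
console.log(stored, fingerprintMatches(stored, stored.toLowerCase()));
```

Comparing decoded bytes rather than strings keeps the check independent of how the fingerprint was stored or logged.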