-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathgenerateCertificate.js
111 lines (111 loc) · 2.5 KB
/
generateCertificate.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
const forge = require("node-forge");
const fs = require("fs");
const path = require("path");
function generateCertificate() {
const privateKeyPath = path.join("./", "private.pem");
const certPath = path.join("./", "primary.crt");
const cachedKey =
fs.existsSync(privateKeyPath) && fs.readFileSync(privateKeyPath);
const cachedCert = fs.existsSync(certPath) && fs.readFileSync(certPath);
if (cachedKey && cachedCert) {
return {
key: cachedKey,
cert: cachedCert
};
}
console.log("Generating SSL Certificate...");
const pki = forge.pki;
const keys = pki.rsa.generateKeyPair(2048);
const cert = pki.createCertificate();
cert.publicKey = keys.publicKey;
cert.serialNumber = "01";
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
const attrs = [
{
name: "commonName",
value: "shop.backend"
},
{
name: "countryName",
value: "UAE"
},
{
shortName: "ST",
value: "AbuDhabi"
},
{
name: "localityName",
value: "Bombel"
},
{
name: "organizationName",
value: "BombelCompany"
},
{
shortName: "OU",
value: "Test"
}
];
cert.setSubject(attrs);
cert.setIssuer(attrs);
cert.setExtensions([
{
name: "basicConstraints",
cA: true
},
{
name: "keyUsage",
keyCertSign: true,
digitalSignature: true,
nonRepudiation: true,
keyEncipherment: true,
dataEncipherment: true
},
{
name: "extKeyUsage",
serverAuth: true,
clientAuth: true,
codeSigning: true,
emailProtection: true,
timeStamping: true
},
{
name: "nsCertType",
client: true,
server: true,
email: true,
objsign: true,
sslCA: true,
emailCA: true,
objCA: true
},
{
name: "subjectAltName",
altNames: [
{
type: 6, // URI
value: "http://example.org/webid#me"
},
{
type: 7, // IP
ip: "127.0.0.1"
}
]
},
{
name: "subjectKeyIdentifier"
}
]);
cert.sign(keys.privateKey, forge.md.sha256.create());
const privPem = pki.privateKeyToPem(keys.privateKey);
const certPem = pki.certificateToPem(cert);
fs.writeFileSync(privateKeyPath, privPem);
fs.writeFileSync(certPath, certPem);
return {
key: privPem,
cert: certPem
};
}
module.exports = generateCertificate;