
node-opcua-pki


Installation

install globally

$ npm install -g node-opcua-pki
$ crypto_create_CA --help

use with npx

$ npx node-opcua-pki --help
$ npx node-opcua-pki certificate --help

Note: see https://reference.opcfoundation.org/GDS/docs/F.1/

commands

command Help
demo create default certificate for node-opcua demos
createCA create a Certificate Authority
createPKI create a Public Key Infrastructure
certificate create a new certificate
csr create a new certificate signing request(CSR)
sign sign a CSR and generate a certificate
revoke revoke an existing certificate
dump display a certificate
toder convert a certificate to a DER format
fingerprint print the certificate fingerprint

Options: --help display help

create a PKI

node-opcua-pki createPKI

Options:

option description type default
-r, --root the location of the Certificate folder [string] [default: "{CWD}/certificates"]
--PKIFolder the location of the Public Key Infrastructure [string] [default: "{root}/PKI"]
-k, --keySize, --keyLength the private key size in bits (1024,2048,3072,4096) [number] [default: 2048]
-s, --silent minimize output [boolean] [default: false]

The result

└─ 📂certificates
    └─📂PKI
       ├─📂issuers
       │ ├─📂certs                 contains known Certificate Authorities' certificates
       │ └─📂crl                   contains the Certificate Revocation Lists associated with the CA certificates
       ├─📂own
       │ ├─📂certs                 where the public certificates generated for the private key are stored.
       │ └─📂private
       │    └─🔐private_key.pem  the private key in PEM format
       ├─📂rejected                  contains certificates that have been rejected.
       └─📂trusted
         ├─📂certs                 contains the X.509 v3 Certificates that are trusted.
         └─📂crl                   contains the X.509 v3 CRLs for any Certificates in the ./certs directory.
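
The layout above can be checked after creation. The following POSIX shell function is an added example, not part of node-opcua-pki: it verifies that every store in the tree exists, that the private key is not accessible to group or other, and that no PEM private key has ended up in a certificate store. The function name `audit_pki`, the finding labels and the owner-only permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of node-opcua-pki): audit a store laid out as in
# the createPKI tree. Prints one finding per line and returns the number of
# findings (0 = clean). Usage: audit_pki ./certificates

audit_pki() {
    pki="${1:-./certificates}/PKI"
    findings=0

    # 1. Every store listed in the tree must exist as a directory.
    for d in issuers/certs issuers/crl own/certs own/private \
             rejected trusted/certs trusted/crl; do
        if [ ! -d "$pki/$d" ]; then
            echo "MISSING   $pki/$d"
            findings=$((findings + 1))
        fi
    done

    # 2. Assumed policy: the private key is accessible to its owner only.
    key="$pki/own/private/private_key.pem"
    if [ -f "$key" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        go_bits=$(ls -ld "$key" | cut -c5-10)
        if [ "$go_bits" != "------" ]; then
            echo "KEY_PERMS $key is accessible to group/other ($go_bits)"
            findings=$((findings + 1))
        fi
    else
        echo "MISSING   $key"
        findings=$((findings + 1))
    fi

    # 3. Private key material must not sit in the certificate stores.
    for d in own/certs trusted/certs issuers/certs rejected; do
        [ -d "$pki/$d" ] || continue
        for f in "$pki/$d"/*; do
            [ -f "$f" ] || continue
            if grep -q -e 'PRIVATE KEY-----' "$f"; then
                echo "KEY_LEAK  $f contains a PEM private key"
                findings=$((findings + 1))
            fi
        done
    done

    return "$findings"
}
```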

create a Certificate Signing Request (CSR)

Options:

option description type default
-a, --applicationUri the application URI [string] [default: "urn:{hostname}:Node-OPCUA-Server"]
-o, --output the name of the generated signing_request [string] [default: "my_certificate_signing_request.csr"]
--dns the list of valid domain name (comma separated) [string] [default: "{hostname}"]
--ip the list of valid IPs (comma separated) [string] [default: ""]
--subject the certificate subject ( for instance /C=FR/ST=Centre/L=Orleans/O=SomeOrganization/CN=Hello ) [string] [default: "/CN=Certificate"]
-r, --root the location of the Certificate folder [string] [default: "{CWD}/certificates"]
--PKIFolder the location of the Public Key Infrastructure [string] [default: "{root}/PKI"]

Create a certificate authority

option description default value
--subject the CA certificate subject "/C=FR/ST=IDF/L=Paris/O=Local NODE-OPCUA Certificate Authority/CN=NodeOPCUA-CA"
--root, -r the location of the Certificate folder "{CWD}/certificates"
--CAFolder, -c the location of the Certificate Authority folder "{root}/CA"
--keySize, -k, --keyLength the private key size in bits (1024, 2048, 3072, 4096)

The result

└─ 📂certificates
    └─📂PKI
       ├─📂CA           Certificate Authority
       ├─📂rejected     The Certificate store contains certificates that have been rejected.
       │ ├─📂certs      Contains the X.509 v3 Certificates which have been rejected.
       ├─📂trusted      The Certificate store contains trusted Certificates.
       │ ├─📂certs      Contains the X.509 v3 Certificates that are trusted.
       │ └─📂crl        Contains the X.509 v3 CRLs for any Certificates in the ./certs directory.
       ├─📂issuers      The Certificate store contains the CA Certificates needed for validation.
       │ ├─📂certs      Contains the X.509 v3 Certificates that are needed for validation.
       │ ├─📂crl        Contains the X.509 v3 CRLs for any Certificates in the ./certs directory.

sign a signing request (requires a CA)

option description type default
-i, --csr the csr [string] [required] [default: "my_certificate_signing_request.csr"]
-o, --output the name of the generated certificate [string] [required] [default: "my_certificate.pem"]
-v, --validity the certificate validity in days [number] [default: 365]
-r, --root the location of the Certificate folder [string] [default: "{CWD}/certificates"]
-c, --CAFolder the location of the Certificate Authority folder [string] [default: "{root}/CA"]

demo command

This command creates a set of certificates with various characteristics for demo and testing purposes.

crypto_create_CA  demo [--dev] [--silent] [--clean]

Options:

--help       display help                                                
--dev       create all sorts of fancy certificates for dev testing purposes
--clean     Purge existing directory [use with care!]                    
--silent, -s minimize output                                              
--root, -r the location of the Certificate folder {CWD}/certificates

Example:

$ crypto_create_CA demo --dev

certificate command

$ crypto_create_CA certificate --help

Options:

--help display help
--applicationUri, -a the application URI urn:{hostname}:Node-OPCUA-Server
--output, -o the name of the generated certificate my_certificate.pem
--selfSigned, -s if true, the certificate will be self-signed false
--validity, -v the certificate validity in days
--silent, -s minimize output
--root, -r the location of the Certificate folder {CWD}/certificates
--CAFolder, -c the location of the Certificate Authority folder {root}/CA
--PKIFolder, -p the location of the Public Key Infrastructure {root}/PKI
--privateKey, -p optional:the private key to use to generate certificate
--subject the certificate subject ( for instance /C=FR/ST=Centre/L=Orleans/O=SomeOrganization/CN=Hello )

References

prerequisite:

This module requires OpenSSL or LibreSSL to be installed.

On Windows, a version of OpenSSL is automatically downloaded and installed at run time if it is not present. You will need an open internet connection.

On Linux (or in your Docker image) and on macOS, you need to install it yourself:

  • on Ubuntu/Debian:

    apt install openssl

  • on Alpine:

    apk add openssl

support:

Getting professional support

NodeOPCUA PKI is developed and maintained by sterfive.com.

To get professional support, consider subscribing to the node-opcua membership community:

Professional Support

or contact sterfive for dedicated consulting and more advanced support.

❤️ Supporting the development effort - Sponsors & Backers

If you like node-opcua-pki and rely on it in one of your projects, please consider becoming a backer and sponsoring us. This will help us maintain a high-quality stack and the constant evolution of this module.

If your company would like to participate and influence the development of future versions of node-opcua please contact sterfive.
