Skip to content

Create Self-signed CA certificate for development use and issue server or client certificates, generated using openssl

License

Notifications You must be signed in to change notification settings

waitingsong/node-myca-cli

Repository files navigation

myca-cli

A command line for myca for creating my CA center, generating a self signed x509 certificate, issuing server certificate from node.js via openssl. Multiple center supported. RSA, EC(P-256, P-384) supported.

Version License

Installing

npm install -g myca-cli

myca module

Usage

  • Initialize default center

    myca init

    will output:

    Default center created at path: "C:\Users\<user>\.myca"
  • Initialize CA cert of default center

    myca initca --days=10950 --pass=mycapass \
      --cn="my root ca" --o="my company" --c=CN \

    will output:

    CA certificate created with:
      centerName: "default"
      crtFile: "C:\Users\<user>\.myca\ca.crt"
      privateKeyFile: "C:\Users\<user>\.myca\ca.key"
  • Issue a RSA serve certificate

    myca issue --kind=server --days=730 --pass=fooo \
      --cn="waitingsong.com" --o="my company" --c=CN --caKeyPass=mycapass \

    will output:

    Issue a Certificate with:
      pubKey:
    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJunjvIoZ5bFQsA9D/1A
    MHt36viM7AJZFpQdmVuTLUZXEiTFU6gMdBarikHsXt0xRPcnGHiP1hgSsTIh2j1k
    3HiNinwfV/MePvy/8f/XWY+J3BbljQCPQmtUIZAnBebiVcvQrL1cP4l5xgJiv5/p
    EdRhCs92J/1MMDxhp41BzatBKwbQJ7UQtLnTdWXCs/qptTgaD6vh4a3snWHlfatg
    TsfzjmSmiXcEYGZM9z6tDrSjR9kBZoog+9DTh+FCdVaasL7QvYlWlOzsjSO2yvLX
    lYQJ9VJbBGxV0cOKbmPm46aMK6n5br/75CAm8cHyfgsE0MhxH2uxQW3leUy+3MHK
    ZwIDAQAB
    -----END PUBLIC KEY-----
    
      pass: "fooo"
      privateKeyFile: "C:\Users\<user>\.myca\server\01.key"
      privateUnsecureKeyFile: "C:\Users\<user>\.myca\server\01.key.unsecure"
      centerName: "default"
      caKeyFile: "C:\Users\<user>\.myca\ca.key"
      caCrtFile: "C:\Users\<user>\.myca\ca.crt"
      csrFile: "C:\Users\<user>\.myca\server\01.csr"
      crtFile: "C:\Users\<user>\.myca\server\01.crt"
  • Initialize a center named ec

    // path can be omitted
    myca initcenter --name=ec --path="c:/users/<user>/.myca-ec"

    will output:

    center created with:
      centerName: "ec"
      path: "c:/users/<user>/.myca-ec"
  • Create self-signed EC CA certificate under center ec (default P-256)

    myca initca --days=10950 --pass=mycapass \
      --cn="my root ca" --o="my company" --c=CN --centerName=ec --alg=ec \

    will output:

    CA certificate created with:
      centerName: "ec"
      crtFile: "c:\users\<user>\.myca-ec\ca.crt"
      privateKeyFile: "c:\users\<user>\.myca-ec\ca.key"
  • Issue a ec server certificate by center ec CA cert

    myca issue --kind=server --days=730 --pass=fooo \
      --cn="foo.waitingsong.com" --o="my comany" --c=CN --caKeyPass=mycapass \
      --centerName=ec --alg=ec \
  • Issue a serve certificate with Domain Name SANs

    myca issue --kind=server --days=730 --pass=fooo \
      --cn="waitingsong.com" --o="my company" --c=CN --caKeyPass=mycapass \
      --SAN="foo.waitingsong.com, bar.waitingsong.com" \
  • Issue a serve certificate with IP SANs

    myca issue --kind=server --days=730 --pass=fooo \
      --cn="waitingsong.com" --o="my company" --c=CN --caKeyPass=mycapass \
      --ips=192.168.0.1 \
    
    myca issue --kind=server --days=730 --pass=fooo \
      --cn="waitingsong.com" --o="my company" --c=CN --caKeyPass=mycapass \
      --ips="192.168.0.1, 192.168.0.2" \
  • Issue a RSA client p12/pfx certificate

    myca issue --kind=client --days=730 --pass=fooo \
      --cn="waitingsong.com" --o="my company" --c=CN --caKeyPass=mycapass \

    will output:

    Issue a Certificate with:
      pubKey:
    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsu8wZDZ0a/HNtlJPqCjs
    9Isg795iUAJ+5OREb08hPthDN4/LOoLgepIyWbZ/A+0Gv8jHkbqlUvOJV5O5ggjR
    ezpK3jXln621nbjS3Fzs/uw4+40e4RX7fYIoE9sk94rP+od1ZMRjE8+e+qb34ubC
    WiXtsyR4EyaRen23IqLNlvxGlcg4xLczaCDA06zkva+wL7qvLYF2331X/rZ+dQgY
    xh6iWKO7C9qcliF23OOByYIKS8jqQ8ngwHIEogIqNBdt/QyEVN7CvF4M6abQnrrx
    9wnnmlaRX2WiybsA06wWl7+4BgKjeULehCVQOpMsS/3QV1dO79vn9hZWM/dAPlnF
    QwIDAQAB
    -----END PUBLIC KEY-----
    
      pass: "fooo"
      privateKeyFile: "C:\Users\<user>\.myca\client\0A.key"
      centerName: "default"
      caKeyFile: "C:\Users\<user>\.myca\ca.key"
      caCrtFile: "C:\Users\<user>\.myca\ca.crt"
      csrFile: "C:\Users\<user>\.myca\client\0A.csr"
      crtFile: "C:\Users\<user>\.myca\client\0A.crt"
      pfxFile: "C:\Users\<user>\.myca\client\0A.p12"

License

MIT

Languages

About

Create Self-signed CA certificate for development use and issue server or client certificates, generated using openssl

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published