npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

node-opcua-pki

v4.16.0

Published

PKI management for node-opcua

Downloads

104,282

Readme

node-opcua-pki

NPM download NPM version Build Status Coverage Status install size FOSSA Status

Installation

install globally
$ npm install -g node-opcua-pki
$ crypto_create_CA --help
use with npx
npx node-opcua-pki --help
npx node-opcua-pki certificate --help

Note: see https://reference.opcfoundation.org/GDS/docs/F.1/

commands

| command | Help | | ----------- | ----------------------------------------------- | | demo | create default certificate for node-opcua demos | | createCA | create a Certificate Authority | | createPKI | create a Public Key Infrastructure | | certificate | create a new certificate | | csr | create a new certificate signing request(CSR) | | sign | sign a CSR and generate a certificate | | revoke | revoke an existing certificate | | dump | display a certificate | | toder | convert a certificate to a DER format | | fingerprint | print the certificate fingerprint |

Options: --help display help

create a PKI

node-opcua-pki createPKI

Options:

| option | description | type | default | | -------------------------- | -------------------------------------------------- | --------- | ------------------------------- | | -r, --root | the location of the Certificate folder | [string] | [default: "{CWD}/certificates"] | | --PKIFolder | the location of the Public Key Infrastructure | [string] | [default: "{root}/PKI"] | | -k, --keySize, --keyLength | the private key size in bits (1024,2048,3072,4096) | [number] | [default: 2048] | | -s, --silent | minimize output | [boolean] | [default: false] |

The result

└─ 📂certificates
    └─📂PKI
       ├─📂issuers
       │ ├─📂certs                 contains known Certificate Authorities' certificates
       │ └─📂crl                   contains Certificate Revocation List associates with the CA Certificates
       ├─📂own
       │ ├─📂certs                 where to store generated public certificates generated for the private key.
       │ └─📂private
       │    └─🔐private_key.pem  the private key in PEM format
       ├─📂rejected                  contains certificates that have been rejected.
       └─📂trusted
         ├─📂certs                 contains the X.509 v3 Certificates that are trusted.
         └─📂crl                   contains the X.509 v3 CRLs for any Certificates in the ./certs directory.

create a Certificate Signing Request (CSR)

Options: | option | description | type | default | |---------------------|-------------------------------------------------|--------|-----------------------------------------------| |-a, --applicationUri |the application URI |[string]|[default: "urn:{hostname}:Node-OPCUA-Server"] | |-o, --output | the name of the generated signing_request |[string]|[default: "my_certificate_signing_request.csr"]| |--dns | the list of valid domain name (comma separated) |[string]|[default: "{hostname}"] | |--ip | the list of valid IPs (comma separated) |[string]|[default: ""] | |--subject | the certificate subject ( for instance /C=FR/ST=Centre/L=Orleans/O=SomeOrganization/CN=Hello )|[string]| [default: "/CN=Certificate"]| |-r, --root | the location of the Certificate folder |[string]|[default: "{CWD}/certificates"] | |--PKIFolder | the location of the Public Key Infrastructure |[string]|[default: "{root}/PKI"] |

Create a certificate authority

| | | default value | | -------------------------------- | ------------------------------------------------ | ------------------------------------------------------------------------------- | | --subject | the CA certificate subject | "/C=FR/ST=IDF/L=Paris/O=Local NODE-OPCUA Certificate Authority/CN=NodeOPCUA-CA" | | --root, -r | the location of the Certificate folder | "{CWD}/certificates" | | --CAFolder, -c | the location of the Certificate Authority folder | "{root}/CA"] | | --keySize, -k, --keyLength | the private key size in bits (1024, 2048 ,3072, 4096)| |

The result

└─ 📂certificates
    └─📂PKI
       ├─📂CA           Certificate Authority
       ├─📂rejected     The Certificate store contains certificates that have been rejected.
       │ ├─📂certs      Contains the X.509 v3 Certificates which have been rejected.
       ├─📂trusted      The Certificate store contains trusted Certificates.
       │ ├─📂certs      Contains the X.509 v3 Certificates that are trusted.
       │ └─📂crl        Contains the X.509 v3 CRLs for any Certificates in the ./certs directory.
       ├─📂issuers      The Certificate store contains the CA Certificates needed for validation.
       │ ├─📂certs      Contains the X.509 v3 Certificates that are needed for validation.
       │ ├─📂crl        Contains the X.509 v3 CRLs for any Certificates in the ./certs directory.

sign a signing request (requires a CA)

| option | description | type | default | | -------------- | ------------------------------------------------ | ------------------- | ----------------------------------------------- | | -i, --csr | the csr | [string] [required] | [default: "my_certificate_signing_request.csr"] | | -o, --output | the name of the generated certificate | [string] [required] | [default: "my_certificate.pem"] | | -v, --validity | the certificate validity in days | [number] | [default: 365] | | -r, --root | the location of the Certificate folder | [string] | [default: "{CWD}/certificates"] | | -c, --CAFolder | the location of the Certificate Authority folder | [string] | [default: "{root}/CA"] |

demo command

this command creates a bunch of certificates with various characteristics for demo and testing purposes.

crypto_create_CA  demo [--dev] [--silent] [--clean]

Options:

| | | | | ------------ | -------------------------------------------------------------- | ------------------ | | --help       | display help                                                 | | | --dev       | create all sort of fancy certificates for dev testing purposes | | | --clean     | Purge existing directory [use with care!]                     | | | --silent, -s | minimize output                                               | | | --root, -r | the location of the Certificate folder | {CWD}/certificates |

Example:

$crypto_create_CA  demo --dev
certificate command
$crypto_create_CA certificate --help

Options:

| | | | | -------------------- | ---------------------------------------------------------------------------------------------- | -------------------------------- | | --help | display help | | | --applicationUri, -a | the application URI | urn:{hostname}:Node-OPCUA-Server | | --output, -o | the name of the generated certificate | my_certificate.pem | | --selfSigned, -s | if true, the certificate will be self-signed | false | | --validity, -v | the certificate validity in days | | | --silent, -s | minimize output | | | --root, -r | the location of the Certificate folder | {CWD}/certificates | | --CAFolder, -c | the location of the Certificate Authority folder | {root}/CA | | --PKIFolder, -p | the location of the Public Key Infrastructure | {root}/PKI | | --privateKey, -p | optional:the private key to use to generate certificate | | | --subject | the certificate subject ( for instance /C=FR/ST=Centre/L=Orleans/O=SomeOrganization/CN=Hello ) | |

examples
  • create a self-signed certificate
npx node-opcua-pki certificate --dns=machine1.com,machine2.com --ip="192.1.2.3;192.3.4.5" -a 'urn:{hostname}:My-OPCUA-Server' --selfSigned -o  my_self_signed_certificate.pem

References

  • https://www.entrust.com/wp-content/uploads/2013/05/pathvalidation_wp.pdf
  • https://en.wikipedia.org/wiki/Certification_path_validation_algorithm
  • https://tools.ietf.org/html/rfc5280

prerequisite:

This module requires OpenSSL or LibreSSL to be installed.

On Windows, a version of OpenSSL is automatically downloaded and installed at run time, if not present. You will need an internet connection open.

You need to install it on Linux, (or in your docker image), or on macOS

  • on ubuntu/Debian:
apt install openssl

or alpine:

apk add openssl

Support

Sterfive provides this module free of charge, “as is,” with the hope that it will be useful to you. However, any support requests, bug fixes, or enhancements are handled exclusively through our paid services. We believe strongly that independent open-source companies should be fairly compensated for their contributions to the community.

We highly recommend subscribing to our support program to ensure your requests are addressed and resolved. Please note that we only consider requests from members of our support program or sponsors.

Getting professional support

NodeOPCUA PKI is developed and maintained by sterfive.com.

To get professional support, consider subscribing to the node-opcua membership community:

Professional Support

or contact sterfive for dedicated consulting and more advanced support.

:heart: Supporting the development effort - Sponsors & Backers

If you like node-opcua-pki and if you are relying on it in one of your projects, please consider becoming a backer and sponsoring us, this will help us to maintain a high-quality stack and constant evolution of this module.

If your company would like to participate and influence the development of future versions of node-opcua please contact sterfive.