self-signed-tls-cert-generator
v0.1.1
Published
A simple CLI NodeJS script to generate self-signed TLS certs really quickly and easily (by using configured defaults)
Downloads
15
Maintainers
Readme
#self-signed-tls-cert-generator
A simple CLI NodeJS script to generate self-signed TLS certs (single common name or, experimentally, SAN certificates) really quickly and easily (by using configured defaults). Note that this is a script, not a consumable module.
##Requirements
- NodeJS or IOJS
- npm or git (see below)
- *nix (Mac OSX, Linux etc.) operating system - Windows will not work unless you have cygwin etc. installed
##Installation
The simplest way is via npm (-g
for global install which make it globally availanle in your *nix CLI):
npm install self-signed-tls-cert-generator -g
Or via git clone
:
git clone https://github.com/neilstuartcraig/self-signed-tls-cert-generator
npm install -g
##Usage In your shell/terminal/console (assuming you've done a global install), simply type (tab auto-complete will be your friend as the filename is long:
###Simple (single common name, accepting all defaults)
self-signed-tls-cert-generator <common name>
Where <common name>
is the host name (e.g. www.example.org
) for which you want to generate a self-signed TLS certificate. For example:
self-signed-tls-cert-generator www.example.org
###More complex (single common name, overriding defaults):
self-signed-tls-cert-generator <options> <common name>
Where <options>
are specified as -<option name> <optionvalue>
or -<option name>=<optionvalue>
e.g. -keyLength 4096
and/or -certNumDaysValid 90
. For example:
self-signed-tls-cert-generator -keyLength 4096 -certNumDaysValid 90 www.example.org
###Simple (SAN, accepting all defaults)
self-signed-tls-cert-generator <common name1> <common name2> <common name3>
Where <common name(1,2,3)>
are the host names to be included in the SAN certificate (e.g. www.example.org
) for which you want to generate a self-signed TLS certificate. For example:
self-signed-tls-cert-generator www.example.org www.example.com www.example.net
###Options
You can specify zero or more options (as per the example above). The available options and their defaults are listed in the config file, in the opts
object. Currently (I'll try to keep this up to date but the canonical source of truth is the config file):
// Key
keyLength:2048, // Number of bits
keyType:"des3",
// CSR
certCountry:"GB",
certState:"Oxfordshire",
certLocality:"Oxford",
certOrgName:"Example org",
certOrgUnit:"Example org unit",
certEmailAddress:"[email protected]",
certChallengePassword:null,
certCompanyName:null,
certDigest:"sha256",
certNumDaysValid:3650 // ~10 years
##Output If it succeeds, the script will output 2 files in the current working directory, a private key and the TLS certificate, which will be named for the specified common name, e.g.:
<common name>.key
<common name>.pem
###Keys Note that the private key generated has no passphrase.
##Roadmap I'll be honnest, this project might not end up receiving a lot of my time but...I do have a few things I want to do:
- Add some automated testing and test all options combinations
- Verify SAN cert generation works!
- Add the option to specify an output directory