tl-create
v1.5.0
Node command line tool to create a X.509 trust list from various trust stores
A cross platform command line tool to create a X.509 trust list from various trust stores.
There are various organizations that produce lists of certificates that they believe should be trusted for one purpose or another. The sources this tool can read are:
Mozilla (--mozilla)
Microsoft (--microsoft)
Apple (--apple)
Adobe Approved Trust List, AATL (--aatl)
EU Trusted List, EUTL (--eutl)
Each of these lists has its own format. This tool parses the lists published by these organizations, extracts the certificates that meet the specified criteria (for example, those trusted for "email"), and writes them out as a PEM certificate bag.
For example, to extract the roots that are trusted for email protection and code signing from both the EU Trust List and the Mozilla list, the command would look like this:
node src/bin/tl-create.js --eutl --mozilla --for 'EMAIL_PROTECTION,CODE_SIGNING' --format pem roots.pem
This would produce a file that looks something like the following. Each certificate is preceded by metadata lines recording where it came from and, where the source records it, what it is trusted for; the certificate bodies are elided here:
Country: UK
Operator: European Commission
Source: EUTL
-----BEGIN CERTIFICATE-----
...
...
-----END CERTIFICATE-----
Operator: DigiCert, Inc
For: email, www, code
Source: Mozilla
-----BEGIN CERTIFICATE-----
...
...
-----END CERTIFICATE-----
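The annotated bag is convenient for people but most TLS and S/MIME libraries reject the metadata lines, so in practice you parse it, filter by source or purpose, and re-emit plain PEM. The following is an added example (not tl-create's own code) of such a parser; it assumes the layout shown above: zero or more "Key: value" lines, then one PEM certificate, repeated, with the "For" value comma-separated. The sample bag at the bottom is constructed, and its base64 bodies are placeholders rather than real certificates.

```javascript
'use strict';

// Added example, not part of tl-create: parser and filter for the annotated
// PEM bag written by the "pem" output format (layout assumed from the README sample).

const BEGIN = '-----BEGIN CERTIFICATE-----';
const END = '-----END CERTIFICATE-----';
const BASE64_LINE = /^[A-Za-z0-9+/]+={0,2}$/;

// Returns [{ meta: { Source, Operator, For: [...], ... }, pem: '...' }].
// "For" is split into an array of purposes; every other key stays a string.
function parseBag(text) {
  const entries = [];
  let meta = {};
  let body = null; // lines of the certificate currently being read, or null
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === BEGIN) {
      if (body !== null) throw new Error('nested BEGIN CERTIFICATE');
      body = [line];
    } else if (line === END) {
      if (body === null) throw new Error('END CERTIFICATE without BEGIN');
      body.push(line);
      entries.push({ meta, pem: body.join('\n') });
      meta = {};
      body = null;
    } else if (body !== null) {
      // Inside a certificate only base64 is acceptable. Anything else means a
      // truncated or edited bag, so fail closed instead of silently skipping it.
      if (!BASE64_LINE.test(line)) throw new Error(`invalid PEM body line: ${line}`);
      body.push(line);
    } else if (line !== '') {
      const colon = line.indexOf(':');
      if (colon === -1) throw new Error(`unexpected line outside certificate: ${line}`);
      const key = line.slice(0, colon).trim();
      const value = line.slice(colon + 1).trim();
      meta[key] = key === 'For' ? value.split(',').map((p) => p.trim()) : value;
    }
  }
  if (body !== null) throw new Error('unterminated certificate at end of bag');
  return entries;
}

// Keep entries whose Source matches and whose "For" list contains the purpose.
// Entries with no "For" line (the EUTL entry above has none) never satisfy a
// purpose filter, so an unqualified root is not accidentally promoted.
function select(entries, { source, purpose } = {}) {
  return entries.filter((e) =>
    (source === undefined || e.meta.Source === source) &&
    (purpose === undefined || (e.meta.For || []).includes(purpose)));
}

// Re-emit a plain PEM bag with the metadata stripped.
function toPem(entries) {
  return entries.map((e) => e.pem + '\n').join('');
}

// Constructed sample in the format shown above; the bodies are not real certificates.
const SAMPLE = [
  'Country: UK',
  'Operator: European Commission',
  'Source: EUTL',
  BEGIN, 'QUFBQQ==', END,
  'Operator: DigiCert, Inc',
  'For: email, www, code',
  'Source: Mozilla',
  BEGIN, 'QkJCQg==', END,
  'Operator: Example CA',
  'For: code',
  'Source: Mozilla',
  BEGIN, 'Q0ND', END,
].join('\n');

const mozillaWww = toPem(select(parseBag(SAMPLE), { source: 'Mozilla', purpose: 'www' }));
console.log(mozillaWww);
```

Note that the parser rejects the literal "..." lines used in the README sample, which is the intended behaviour: a bag whose certificate bodies are not base64 has been truncated or edited and should not be loaded into a trust store.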
Usage
Extract all Microsoft Roots
node src/bin/tl-create.js --microsoft --format pem roots.pem
Valid Microsoft trust purposes
SERVER_AUTH
CLIENT_AUTH
CODE_SIGNING
EMAIL_PROTECTION
IPSEC_END_SYSTEM
IPSEC_TUNNEL
IPSEC_USER
TIME_STAMPING
OCSP_SIGNING
IPSEC_PROTECTION
DOCUMENT_SIGNING
EFS_CRYPTO
Extract all Mozilla Roots
node src/bin/tl-create.js --mozilla --format pem roots.pem
Valid Mozilla trust purposes
DIGITAL_SIGNATURE
NON_REPUDIATION
KEY_ENCIPHERMENT
DATA_ENCIPHERMENT
KEY_AGREEMENT
KEY_CERT_SIGN
CRL_SIGN
SERVER_AUTH
CLIENT_AUTH
CODE_SIGNING
EMAIL_PROTECTION
IPSEC_END_SYSTEM
IPSEC_TUNNEL
IPSEC_USER
TIME_STAMPING
STEP_UP_APPROVED
Extract all Apple Roots
node src/bin/tl-create.js --apple --format pem roots.pem
Extract all AATL Roots
node src/bin/tl-create.js --aatl --format pem roots.pem
Valid AATL trust purposes
ROOT
CERTIFIED_DOCUMENTS
DYNAMIC_CONTENT
JAVASCRIPT
Extract all EUTL Roots
node src/bin/tl-create.js --eutl --format pem roots.pem
Extract only SERVER_AUTH certificates from Mozilla and Microsoft
node src/bin/tl-create.js --mozilla --microsoft --for "SERVER_AUTH" --format pem roots.pem
NOTE: The default is ALL purposes
Available output formats
js
pkijs
pem
files
The "files" format stores every certificate in its own file under a directory named after the source trust list, with the file named after the certificate's SubjectKeyIdentifier. For example, a certificate from the Mozilla Trust List whose SubjectKeyIdentifier is "ABABABABABABABBB" would be stored as "mozilla/ABABABABABABABBB". The per-source root directories are "mozilla" for the Mozilla Trust List, "microsoft" for Microsoft, "apple" for Apple, and "cisco" for Cisco.
NOTE: Default output format is 'js'
Install
git clone https://github.com/PeculiarVentures/tl-create.git
cd tl-create
npm install -g
Bug Reporting
Please report bugs either as pull requests or as issues in the issue tracker. tl-create has a full disclosure vulnerability policy. Please do NOT attempt to report any security vulnerability in this code privately to anybody.
TODO
- Add the Oracle Root Program