npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

tls-keygen

v3.7.0

Published

Generate a self-signed TLS certificate and add it to the trusted certificate store.

Downloads

5,962

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sebseb

Keywords

localhostssltlscertificateself-signed

Readme

tls-keygen

Generates a self-signed, trusted TLS certificate that is accepted by browsers for localhost development.

The generated private key (key.pem) and public certificate (cert.pem) files are compatible with Node.js and most other servers.

The generated public certificate (cert.pem) file is added to the native certificate store on Windows, MacOS, and Linux for automatic HTTPS and HTTP/2 browser support.

| | Chrome | Safari | Edge | Firefox | |---------|:------:|:------:|:----:|:-------:| | MacOS | ✅ | ✅ | | | | Windows | ✅ | | ✅ | | | Linux | ✅ | | | ✅ |

Note: Linux support requires the certutil command to be installed. On Ubuntu and Debian, run: sudo apt-get install libnss3-tools

Use Cases

Easily use TLS in locally hosted websites. Using HTTP/2 or some web platform API's requires the page to be served from an https:// origin. This tool makes it easy to generate the necessary key & certificate files.

The generated certificates are not useful in production deployments on the public internet since they are self-signed and only for local addresses. However they could be used, in combination with local DNS hijacking (e.g. /etc/hosts overrides) to mimick production systems locally.

CLI

npx tls-keygen
npx tls-keygen "key.pem" "cert.pem" [--skip-entrust] [--add-san <name>]

The arguments key.pem and cert.pem are, optionally, the output destination filepaths for the TLS private key and public certificate respectively.

The --skip-entrust option generates the key & certificate pair without registering the certificate with the operating system certificate store.

The --add-san <name> option appends a single name for which this certificate is valid. The <name> value must be either a DNS hostname or IP address. This list is recorded in the certificate as the Subject Alternative Names (SAN).

| Type | Example | |------|---------| | DNS | --add-san DNS:foo.local | | IPv4 | --add-san IP:172.16.1.2 | | IPv6 | --add-san IP:fe80::200:5aee:feaa:20a2 |

Output

Key:
🔑 /Users/seb/key.pem

Certificate:
📜 /Users/seb/cert.pem

Common Name:
  - 🏷  localhost

Subject Alternative Names:
  - 🏷  DNS:localhost
  - 🏷  DNS:*.localhost
  - 🏷  DNS:localhost.localdomain
  - 🏷  IP:127.0.0.1
  - 🏷  IP:0.0.0.0
  - 🏷  IP:::1
  - 🏷  IP:::

🔐 Done!

API

keygen(options)

const {keygen} = require('tls-keygen')

// Returns a promise that
// resolves with `key` and `cert` file paths.
const {key, cert} = await keygen({
  // Default: ./key.pem
  key: '/path/to/output/key.pem',

  // Default: ./cert.pem
  cert: '/path/to/output/cert.pem',

  // Default: localhost
  commonName: 'example.net',

  // Default: [
  //   'DNS:localhost',
  //   'DNS:*.localhost',
  //   'DNS:localhost.localdomain',
  //   'IP:127.0.0.1',
  //   'IP:0.0.0.0',
  //   'IP:::1',
  //   'IP:::'
  // ]
  subjectAltName: [
    'DNS:example.net',
    'DNS:www.example.net'
  ],

  // Set to `false` to skip adding the certificate
  // to the trusted certificate store.
  // Default: true
  entrust: false
})

The default options are exported for convenience.

const {
  defaultKey,
  defaultCert,
  defaultCommonName,
  defaultSubjectAltName
} = require('tls-keygen')

ephemeral(options)

Convenience utility to generate a key & certificate for in-memory use only. Handy when writing tests that use TLS (e.g. HTTPS, HTTP/2).

Accepts the same options as keygen() (see above), except that the key and cert file paths are ignored.

Returns a promise that resolves to an object with fields key and cert that are two Buffers containing the raw key and certificate data.

const {ephemeral} = require('tls-keygen')

const {key, cert} = await ephemeral(options)
// key: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 50 ... >
// cert: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 ... >

Browser Support

  • MacOS: Safari and Chrome using Keychain
  • Windows: Edge and Chrome using Certificate Service
  • Linux: Firefox and Chrome using NSS

Note: Firefox may require a restart to accept the certificate.

Graceful Fallback

Usage with clients that do not support the native operating system certificate stores is the same as regular self-signed certificates.

  • Node.js: Use the rejectUnauthorized: false TLS option.
  • Curl: Use the --insecure option (alias: -k).
  • Firefox: Press "Advanced", then "Add Exception...", and finally "Confirm Security Exception".

Server Support

Colophon

Made with 💝 by Sebastiaan Deckers in 🇸🇬 Singapore.