5.1.0 • Published 9 months ago
myca-cli v5.1.0
myca
使用 openssl 和 node.js 创建自有 CA 中心(自签发CA证书或者上级CA签发的中级CA证书),签发自签名数字证书。支持创建多个 CA 中心。支持 RSA,EC(P-256, P-384)算法。
安装
npm install --save mycaCLI 命令行
- myca-cli
- 安装
npm i -g myca-cli - 命令行帮助
mycamyca initca -hmyca issue -h
Example
myca initca --days=10950 --alg=ec --pass=capass \ --cn="Root CA" --ou="waitingsong.com" --o="waitingsong" --l="CD" --c=CN \myca issue --kind=server --days=3650 --pass=mypass \ --cn="waitingsong.com" --o="waitingsong" --c=CN --caKeyPass=capass \ --centerName=default --alg=ec \ --ips="127.0.0.1, 192.168.0.1" \ --SAN="localhost"myca issue --kind=client --days=3650 --pass=mypass \ --cn="client" --o="it" --c=CN --caKeyPass=capss \ --centerName=default --alg=ec
使用
初始化默认中心
import { initDefaultCenter } from 'myca' await initDefaultCenter()初始化默认中心的 CA 自签发证书
import { initCaCert } from 'myca' const opts = { days: 10950, // 30years pass: 'mycapass', CN: 'My Root CA', // Common Name O: 'My Company', // Organization Name (eg, company) C: 'CN', // Country Name (2 letter code) } await initCaCert(opts)签发一张 RSA 服务器证书
import { genCert } from 'myca' const opts = { caKeyPass: 'mycapass', kind: 'server', // server cert days: 730, pass: 'fooo', // at least 4 letters CN: 'www.waitingsong.com', // Common Name OU: '', // Organizational Unit Name O: '', // Organization Name L: '', // Locality Name (eg, city) ST: '', // State or Province Name C: 'CN', // Country Name (2 letter code) emailAddress: '', } await genCert(opts) console.log(ret.cert) console.log(ret.crtFile) console.log(ret.privateUnsecureKey)创建额外的中心,并且自签发 EC 算法的 CA 证书 (默认 P-256)
import { initCenter, initCaCert } from 'myca' // 中心名centerName: ec, 路径: /opt/center-ec/ (可省略) await initCenter('ec', '/opt/center-ec') await myca.initCaCert({ centerName: 'ec', alg: 'ec', days: 10950, pass: 'mycapass', CN: 'My Root CA', O: 'My Company', C: 'CN', })使用指定的中心签发一张 RSA 服务器证书
import { genCert } from 'myca' const opts = { centerName: 'ec', // <--- 指定中心名: ec caKeyPass: 'mycapass', kind: 'server', days: 730, pass: 'fooo', CN: 'www.waitingsong.com', C: 'CN', } const ret = await genCert(opts) console.log(ret.cert) console.log(ret.crtFile) console.log(ret.privateUnsecureKey)签发 SAN 多域名服务器证书
import { genCert } from 'myca' const opts = { caKeyPass: 'mycapass', kind: 'server', days: 730, pass: 'fooo', CN: 'www.waitingsong.com', C: 'CN', SAN: ['foo.waitingsong.com', 'bar.waitingsong.com'], } await genCert(opts)签发 SAN 多ip服务器证书
import { genCert } from 'myca' const opts = { caKeyPass: 'mycapass', kind: 'server', days: 730, pass: 'fooo', CN: 'www.waitingsong.com', C: 'CN', // https://www.tbs-certificates.co.uk/FAQ/en/normes_tld.html // 10.0.0.0 – 10.255.255.255 // 172.16.0.0 – 172.31.255.255 // 192.168.0.0 – 192.168.255.255 ips: ['127.0.0.1', '192.168.0.1'], // not support ip mask } const ret = await genCert(opts) console.log(ret.cert)
签发一张 RSA p12/pfx 客户端证书
import { genCert } from 'myca' const opts = { caKeyPass: 'mycapass', kind: 'client', // pfx cert days: 730, pass: 'fooo', // at least 4 letters CN: 'www.waitingsong.com', // Common Name C: 'CN', // Country Name (2 letter code) } const ret = await genCert(opts) console.log(ret.pfxFile)
Packages
| Package | Version |
|---|---|
myca |  |
myca-cli |  |
License
Languages
5.1.0
9 months ago
5.0.0
9 months ago
4.1.7
10 months ago
4.1.4
10 months ago
4.1.3
10 months ago
4.0.4
10 months ago
4.1.6
10 months ago
4.1.5
10 months ago
4.1.0
10 months ago
4.1.2
10 months ago
4.2.0
9 months ago
4.1.1
10 months ago
3.2.0
5 years ago
3.1.1
5 years ago
3.1.0
5 years ago
3.0.0
5 years ago
2.0.1
5 years ago
2.0.0
5 years ago
0.2.4
5 years ago
0.2.3
5 years ago
0.2.2
6 years ago
0.2.1
6 years ago
0.2.0
6 years ago
0.1.1
6 years ago
0.1.0
6 years ago