subash / mkcert Goto Github PK

Create self signed ssl certificates without OpenSSL.

License: MIT License

JavaScript 34.81% TypeScript 65.19%

mkcert's Introduction

Create self signed tls certificates without OpenSSL.

Install

npm install -g mkcert

CLI

Create a Certificate Authority

$ mkcert create-ca --help

  Options:
    --organization [value]  organization name (default: "Test CA")
    --country-code [value]  country code (default: "US")
    --state [value]         state name (default: "California")
    --locality [value]      locality address (default: "San Francisco")
    --validity [days]       validity in days (default: 365)
    --key [file]            output key file (default: "ca.key")
    --cert [file]           output certificate file (default: "ca.crt")
    -h, --help              display help for command

Create a Certificate

$ mkcert create-cert --help

  Options:
    --ca-key [file]                  ca private key file (default: "ca.key")
    --ca-cert [file]                 ca certificate file (default: "ca.crt")
    --validity [days]                validity in days (default: 365)
    --key [file]                     output key file (default: "cert.key")
    --cert [file]                    output certificate file (default: "cert.crt")
    --organization [value]           optional organization name
    --email [value]                  optional email address
    --domains, --domain [values...]  domains or ip addresses (default: ["localhost","127.0.0.1"])
    -h, --help                       display help for command

API

import { createCA, createCert } from "mkcert";

const ca = await createCA({
  organization: "Hello CA",
  countryCode: "NP",
  state: "Bagmati",
  locality: "Kathmandu",
  validity: 365
});

const cert = await createCert({
  ca: { key: ca.key, cert: ca.cert },
  domains: ["127.0.0.1", "localhost"],
  validity: 365
});

console.log(cert.key, cert.cert); // certificate info
console.log(`${cert.cert}${ca.cert}`); // create full chain certificate by merging CA and domain certificates

mkcert's People

Contributors

Stargazers

Watchers

Forkers

guruvenkatesh17 thg303 geekincompany florimond priyankagupta34 cbodin nilesh199814 ramnarayana-janapala liulizhigh agenciavoolu niklaskallander tander71 kunjun

mkcert's Issues

Help achieving parity with golang mkcert CLI

Hi there! We are currently using the golang mkcert package to create a certificate, and we're in the process of migrating over to the npm version. I'm having difficulty achieving parity between the two.

Our script to install using the golang package looks like this:

# get and install mkcerts
go get github.com/FiloSottile/mkcert
# install ca into trusted store
go run github.com/FiloSottile/mkcert -install
# generate certificates
mkdir certs
go run github.com/FiloSottile/mkcert \
-cert-file=certs/arigato.tools+2.pem \
-key-file=certs/arigato.tools+2-key.pem \
arigato.tools localhost 127.0.0.1

The npm version:

npx mkcert create-ca
npx mkcert create-cert \
 --key certs/arigato.tools+2-key.pem \
 --cert certs/arigato.tools+2.pem \
 --domains "localhost,127.0.0.1,arigato.tools"

The npm version runs without failure and I see my key & cert files in the correct location. But when I start my web server, I get NET::ERR_CERT_AUTHORITY_INVALID. I think this is because when I create the CA, it just adds ca.key and ca.crt to the project root, rather than installing it in the system trust store. But the package documentation doesn't seem to indicate how to get it there.

Does this package have a way to install the CA in the system trust store?

Thanks!

If I use cert.key and cert.crt, then I get the unsafe warning:

Am I using this output wrong?