selfsigned

property cA

cA?: boolean;

• Is this a CA certificate?

property critical

critical?: boolean;

• Mark extension as critical

property name

name: 'basicConstraints';

property pathLenConstraint

pathLenConstraint?: number;

• Maximum depth of valid certificate chain

property extensions

extensions?: any[] | undefined;

property value

value?: any[] | string | undefined;

property valueConstructed

valueConstructed?: boolean | undefined;

property valueTagClass

valueTagClass?: ASN1Class | undefined;

property name

name?: string | undefined;

property shortName

shortName?: string | undefined;

property type

type?: string | undefined;

property algorithm

algorithm?: string;

• Signature algorithm for client certificate inherits from main algorithm or "sha1"

property cn

cn?: string;

• Client certificate's common name "John Doe jdoe123"

property curve

curve?: 'P-256' | 'P-384' | 'P-521';

• Elliptic curve for client certificate (EC only) "P-256"

property keySize

keySize?: number;

• Key size for the client certificate in bits (RSA only) 2048

property keyType

keyType?: 'rsa' | 'ec';

• Key type for client certificate inherits from main keyType

property notAfterDate

notAfterDate?: Date;

• The date after which the client certificate should not be valid notBeforeDate + 1 year

property notBeforeDate

notBeforeDate?: Date;

• The date before which the client certificate should not be valid now

property clientAuth

clientAuth?: boolean;

• TLS client authentication

property codeSigning

codeSigning?: boolean;

property critical

critical?: boolean;

• Mark extension as critical

property emailProtection

emailProtection?: boolean;

property name

name: 'extKeyUsage';

property serverAuth

serverAuth?: boolean;

• TLS server authentication

property timeStamping

timeStamping?: boolean;

property cert

cert: string;

property clientcert

clientcert?: string;

property clientpkcs7

clientpkcs7?: string;

property clientprivate

clientprivate?: string;

property clientpublic

clientpublic?: string;

property fingerprint

fingerprint: string;

property pkcs7

pkcs7?: string;

property private

private: string;

property public

public: string;

property contentCommitment

contentCommitment?: boolean;

• Also known as contentCommitment

property critical

critical?: boolean;

• Mark extension as critical

property cRLSign

cRLSign?: boolean;

• For CA certificates

property dataEncipherment

dataEncipherment?: boolean;

property decipherOnly

decipherOnly?: boolean;

property digitalSignature

digitalSignature?: boolean;

property encipherOnly

encipherOnly?: boolean;

property keyAgreement

keyAgreement?: boolean;

property keyCertSign

keyCertSign?: boolean;

• For CA certificates

property keyEncipherment

keyEncipherment?: boolean;

property name

name: 'keyUsage';

property nonRepudiation

nonRepudiation?: boolean;

property algorithm

algorithm?: string;

• The signature algorithm: sha256, sha384, sha512 or sha1 "sha1"

property ca

ca?: {
    /** CA private key in PEM format */
    key: string;
    /** CA certificate in PEM format */
    cert: string;
};

• CA certificate and key for signing (if not provided, generates self-signed)

property clientCertificate

clientCertificate?: boolean | ClientCertificateOptions;

• generate client cert signed by the original key Can be true for defaults or an options object false

property clientCertificateCN

clientCertificateCN?: string;

• client certificate's common name "John Doe jdoe123"

  Deprecated

  Use clientCertificate.cn instead

property clientCertificateKeySize

clientCertificateKeySize?: number;

• the size for the client private key in bits 2048

  Deprecated

  Use clientCertificate.keySize instead

property curve

curve?: 'P-256' | 'P-384' | 'P-521';

• The elliptic curve to use (EC only): "P-256", "P-384", or "P-521" "P-256"

property extensions

extensions?: CertificateExtension[];

• Certificate extensions. Supports basicConstraints, keyUsage, extKeyUsage, and subjectAltName. If not provided, defaults are used including DNS SAN matching commonName.

  Example 1

  extensions: [
    { name: 'basicConstraints', cA: false },
    { name: 'keyUsage', digitalSignature: true, keyEncipherment: true },
    { name: 'subjectAltName', altNames: [
      { type: 2, value: 'localhost' },
      { type: 7, ip: '127.0.0.1' },
      { type: 7, ip: '::1' }
    ]}
  ]

property keyPair

keyPair?: {
    privateKey: string;
    publicKey: string;
};

• existing key pair to use instead of generating new keys

property keySize

keySize?: number;

• the size for the private key in bits (RSA only) 2048

property keyType

keyType?: 'rsa' | 'ec';

• Key type: "rsa" or "ec" (elliptic curve) "rsa"

property notAfterDate

notAfterDate?: Date;

• The date after which the certificate should not be valid

  notBeforeDate + 365 days

property notBeforeDate

notBeforeDate?: Date;

• The date before which the certificate should not be valid

  now

property passphrase

passphrase?: string;

• Passphrase to encrypt the private key (PKCS#8 encrypted format) When provided, the private key will be encrypted using AES-256-CBC

property pkcs7

pkcs7?: boolean;

• include PKCS#7 as part of the output false

property ip

ip?: string;

• IP address for type 7 (IPv4 or IPv6)

property type

type: 1 | 2 | 6 | 7;

• Type of the alternative name: - 1: email (rfc822Name) - 2: DNS name - 6: URI - 7: IP address

property value

value?: string;

• Value for types 1, 2, 6 (email, DNS, URI)

property altNames

altNames: SubjectAltNameEntry[];

property critical

critical?: boolean;

• Mark extension as critical

property name

name: 'subjectAltName';

member APPLICATION

APPLICATION = 0x40

member CONTEXT_SPECIFIC

CONTEXT_SPECIFIC = 0x80

member PRIVATE

PRIVATE = 0xc0

member UNIVERSAL

UNIVERSAL = 0x00