pem

Create private keys and certificates with node.js

Installation

Install with npm

npm install pem

Examples

Here are some examples for creating an SSL key/cert on the fly, and running an HTTPS server on port 443. 443 is the standard HTTPS port, but requires root permissions on most systems. To get around this, you could use a higher port number, like 4300, and use https://localhost:4300 to access your server.

Basic https

var https = require('https')
var pem = require('pem')

pem.createCertificate({ days: 1, selfSigned: true }, function (err, keys) {
  if (err) {
    throw err
  }
  https.createServer({ key: keys.serviceKey, cert: keys.certificate }, function (req, res) {
    res.end('o hai!')
  }).listen(443)
})

Express

var https = require('https')
var pem = require('pem')
var express = require('express')

pem.createCertificate({ days: 1, selfSigned: true }, function (err, keys) {
  if (err) {
    throw err
  }
  var app = express()

  app.get('/', function (req, res) {
    res.send('o hai!')
  })

  https.createServer({ key: keys.serviceKey, cert: keys.certificate }, app).listen(443)
})

API

Please have a look into the API documentation.

we had to clean up a bit

Custom extensions config file

You can specify custom OpenSSL extensions using the config or extFile options for createCertificate (or using csrConfigFile with createCSR).

extFile and csrConfigFile should be paths to the extension files. While config will generate a temporary file from the supplied file contents.

If you specify config then the v3_req section of your config file will be used.

The following would be an example of a Certificate Authority extensions file:

[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name

[req_distinguished_name]
commonName = Common Name
commonName_max = 64

[v3_req]
basicConstraints = critical,CA:TRUE

While the following would specify subjectAltNames in the resulting certificate:

[req]
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = host1.example.com
DNS.2 = host2.example.com
DNS.3 = host3.example.com

Note that createCertificate and createCSR supports the altNames option which would be easier to use in most cases.

Warning: If you specify altNames the custom extensions file will not be passed to OpenSSL.

Setting openssl location

In some systems the openssl executable might not be available by the default name or it is not included in $PATH. In this case you can define the location of the executable yourself as a one time action after you have loaded the pem module:

var pem = require('pem')
pem.config({
  pathOpenSSL: '/usr/local/bin/openssl'
})
// do something with the pem module

Specialthanks to

Andris Reinman (@andris9) - Initiator of pem

License

MIT

Name With Owner	Dexus/pem
Primary Language	JavaScript
Program language	JavaScript (Language Count: 3)
Platform
License:	Other

Created At	2012-06-23 06:33:57
Pushed At	2025-04-21 19:45:52
Last Commit At	2023-10-31 11:24:45
Release Count	47
Last Release Name	v1.14.8 (Posted on 2023-06-02 11:32:08)
First Release Name	v0.1.0 (Posted on 2012-06-25 19:56:44)

Stargazers Count	573
Watchers Count	14
Fork Count	128
Commits Count	456
Has Issues Enabled
Issues Count	136
Issue Open Count	8
Pull Requests Count	170
Pull Requests Open Count	13
Pull Requests Close Count	86

Has Wiki Enabled
Is Archived
Is Fork
Is Locked
Is Mirror
Is Private

pem

Github stars Tracking Chart

pem