@peculiar/x509 is an easy to use TypeScript/Javascript library based on @peculiar/asn1-schema that makes generating X.509 Certificates and Certificate Requests as well as validating certificate chains easy
I'm trying to use this library to issue certificates (using ECDSA P-256 algorithm). I though I got something working, but then the generated CSR and leaf certificates can not always be verified by openssl. I tried to find a common cause, but to me it seems the signature is randomly invalid (at least from openssl point of view).
Hello there,
I'm trying to use this library to issue certificates (using ECDSA P-256 algorithm). I though I got something working, but then the generated CSR and leaf certificates can not always be verified by openssl. I tried to find a common cause, but to me it seems the signature is randomly invalid (at least from openssl point of view).
I have put together a reproduction script (should only require
npm i @peculiar/x509 @peculiar/webcrypto
, typescript andopenssl
in the path) to be executable. It can be found in this gist: https://gist.github.com/fmonniot/e94ed40e3902415ccb9ca5a1d932297e.Running this script multiple times yields different results: either the csr is valid, or the end cert is valid, or both, or neither :(
Is there a known format issue with
openssl
req -verify
andx509 -verify
commands?And last but not least, Thank you for writing this library !