jfromaniello / selfsigned

Generate self-signed certificates from node.js
MIT License

Generating the client certificate #46

Open lauri-aloauri opened 3 years ago

lauri-aloauri commented 3 years ago

Hello!

For example, the openssl command:

```sh
openssl req -new -newkey rsa:2048 -x509 -sha256 -days 3000 -nodes -out file.cert -keyout file.key -batch -subj "/C=EE/ST=Harjumaa/L=Tallinn/O=Andmevara AS/OU=XXXX"
```

I tried to achieve the same using selfsigned and experimented with the example provided in README.md (options section):

```js
var selfsigned = require('selfsigned');

var pems = selfsigned.generate(null, {
  keySize: 2048, // the size for the private key in bits (default: 1024)
  days: 30, // how long till expiry of the signed certificate (default: 365)
  algorithm: 'sha256', // sign the certificate with specified algorithm (default: 'sha1')
  extensions: [{ name: 'basicConstraints', cA: true }], // certificate extensions array
  pkcs7: true, // include PKCS#7 as part of the output (default: false)
  clientCertificate: true, // generate client cert signed by the original key (default: false)
  clientCertificateCN: 'jdoe' // client certificate's common name (default: 'John Doe jdoe123')
});
```

I removed the lines:

```js
  extensions: [{ name: 'basicConstraints', cA: true }], // certificate extensions array
  pkcs7: true, // include PKCS#7 as part of the output (default: false)
```

I used this inside my JavaScript:

```js
var pems = selfsigned.generate(null, {
  keySize: 2048, // the size for the private key in bits (default: 1024)
  days: 30, // how long till expiry of the signed certificate (default: 365)
  algorithm: 'sha256', // sign the certificate with specified algorithm (default: 'sha1')
  clientCertificate: true, // generate client cert signed by the original key (default: false)
  clientCertificateCN: 'jdoe' // client certificate's common name (default: 'John Doe jdoe123')
});
```

I wrote the generated client cert to a file and ran openssl to view the certificate information:

```sh
openssl x509 -text -noout -in Ilja.cert
```

```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13:b1:c1:ea:c2:15:88:63:43
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = example.org, C = US, ST = Virginia, L = Blacksburg, O = Test, OU = Test
        Validity
            Not Before: Sep 14 06:06:46 2021 GMT
            Not After : Sep 14 06:06:46 2022 GMT
        Subject: CN = jdoe, C = US, ST = Virginia, L = Blacksburg, O = Test, OU = Test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:f0:0e:e9:82:be:8d:2f:3f:32:62:39:6d:26:87:
                    f9:4e:3a:63:a3:bc:65:8d:ab:a6:02:f0:7c:7c:c3:
                    de:45:ec:98:92:09:d9:3a:59:76:61:0d:44:1e:dd:
                    e7:7d:58:f2:f0:cf:67:80:56:d8:af:9e:2e:1c:dc:
                    ec:40:c9:d8:60:ba:95:65:ca:5f:9c:58:61:94:80:
                    9e:3a:63:68:42:bb:d0:12:c1:5e:e4:6f:f5:1d:e0:
                    5a:6e:d2:54:8e:1d:37:e0:81:f7:0e:52:30:2f:a4:
                    6c:ca:2f:1f:f1:74:ae:9b:5a:a8:73:f9:d4:1c:f8:
                    52:be:dd:e1:d4:05:88:0e:23
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
         d6:48:00:91:65:68:32:ef:2e:29:39:c0:ad:cb:85:55:8d:82:
         55:30:75:a5:a7:2f:ff:2e:00:a9:29:b9:63:bb:cc:3f:a7:95:
         71:c1:05:b8:b7:f6:3b:47:ff:8e:8c:dd:4b:58:97:bd:dd:1a:
         42:e9:48:28:53:3f:75:40:9f:05:e8:0f:14:68:a9:5f:11:bc:
         21:a1:b8:6b:d9:a9:e7:7f:21:55:f9:10:57:bd:76:13:26:5a:
         da:d5:3a:62:3f:f1:be:94:dd:b5:36:a6:dc:17:4e:81:d3:02:
         a4:a6:ce:e0:f0:04:49:ed:04:6d:43:22:ae:97:d8:86:d2:6f:
         d2:5b
```

From this output, everything is at the default, and these options:

```js
  keySize: 2048, // the size for the private key in bits (default: 1024)
  days: 30, // how long till expiry of the signed certificate (default: 365)
  algorithm: 'sha256', // sign the certificate with specified algorithm (default: 'sha1')
```

have not been used.

What am I doing wrong, or have I misunderstood the subject? I would be very pleased if someone could help on this subject.

Laur-Alo Adamson
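
One way to check a generated certificate against the options that were requested, as an added example that is not part of the original post or of the selfsigned project: it parses `openssl x509 -text` output and reports which of `keySize`, `days` and `algorithm` differ from the request. The function names and the weak-parameter thresholds are assumptions of this example.

```javascript
// Constructed sample: the named fields from the `openssl x509 -text` output
// quoted in the issue, with the modulus and signature hex dumps left out.
const SAMPLE_TEXT = `Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Sep 14 06:06:46 2021 GMT
            Not After : Sep 14 06:06:46 2022 GMT
        Subject: CN = jdoe, C = US, ST = Virginia, L = Blacksburg, O = Test, OU = Test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)`;

const MONTHS = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];

// Return the regex match or fail loudly, so a missing field is never read as "ok".
function field(text, re, label) {
  const m = text.match(re);
  if (!m) throw new Error(`field not found in openssl output: ${label}`);
  return m;
}

// openssl prints dates as "Sep 14 06:06:46 2021 GMT"; convert to epoch milliseconds.
function opensslDate(text, label) {
  const re = new RegExp(label + '\\s*:\\s*(\\w{3})\\s+(\\d+) (\\d+):(\\d+):(\\d+) (\\d{4}) GMT');
  const [, mon, d, h, mi, s, y] = field(text, re, label);
  return Date.UTC(+y, MONTHS.indexOf(mon), +d, +h, +mi, +s);
}

// Pull out the three properties the generate() options are meant to control.
function parseCertText(text) {
  return {
    algorithm: field(text, /Signature Algorithm:\s*(\w+?)With/i, 'Signature Algorithm')[1].toLowerCase(),
    keySize: +field(text, /Public-Key:\s*\((\d+) bit\)/, 'Public-Key')[1],
    days: Math.round((opensslDate(text, 'Not After') - opensslDate(text, 'Not Before')) / 86400000),
  };
}

// Compare the requested options with what the certificate actually contains.
function auditCert(text, requested) {
  const actual = parseCertText(text);
  const mismatches = Object.keys(actual)
    .filter((k) => requested[k] !== undefined && requested[k] !== actual[k])
    .map((k) => `${k}: requested ${requested[k]}, certificate has ${actual[k]}`);
  const weak = []; // thresholds are this example's assumption: SHA-1/MD5 and RSA below 2048 bits
  if (['md5', 'sha1'].includes(actual.algorithm)) weak.push(`${actual.algorithm} signature`);
  if (actual.keySize < 2048) weak.push(`${actual.keySize}-bit RSA key`);
  return { actual, mismatches, weak };
}

console.log(auditCert(SAMPLE_TEXT, { keySize: 2048, days: 30, algorithm: 'sha256' }));
```

Running the same check on the output for `pems.cert` shows whether the options reached the server certificate while the client certificate fell back to the defaults.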