node-x509
Simple X509 certificate parser.
Installation
From NPM (recommended): npm install x509
Building and testing from source:
sudo npm install -g node-gyp
npm install
npm test
Usage
Reading from a file:
const x509 = ;var issuer = x509;
Reading from a string:
const fs = x509 = ;var issuer = x509;
Methods
Notes:
cert
may be a filename or a raw base64 encoded PEM string in any of these methods.
cert
)
x509.getAltNames(Parse certificate with x509.parseCert
and return the alternate names.
const x509 = ;var altNames = x509;/*altNames = [ '*.nodejitsu.com', 'nodejitsu.com' ]*/
cert
)
x509.getIssuer(Parse certificate with x509.parseCert
and return the issuer.
const x509 = ;var issuer = x509;/*issuer = { countryName: 'GB', stateOrProvinceName: 'Greater Manchester', localityName: 'Salford', organizationName: 'COMODO CA Limited', commonName: 'COMODO High-Assurance Secure Server CA' }*/
cert
)
x509.getSubject(Parse certificate with x509.parseCert
and return the subject.
const x509 = ;var subject = x509;/*subject = { countryName: 'US', postalCode: '10010', stateOrProvinceName: 'NY', localityName: 'New York', streetAddress: '902 Broadway, 4th Floor', organizationName: 'Nodejitsu', organizationalUnitName: 'PremiumSSL Wildcard', commonName: '*.nodejitsu.com' }*/
cert
)
x509.parseCert(Parse subject, issuer, valid before and after date, and alternate names from certificate.
const x509 = ;var cert = x509;/*cert = { subject: { countryName: 'US', postalCode: '10010', stateOrProvinceName: 'NY', localityName: 'New York', streetAddress: '902 Broadway, 4th Floor', organizationName: 'Nodejitsu', organizationalUnitName: 'PremiumSSL Wildcard', commonName: '*.nodejitsu.com' }, issuer: { countryName: 'GB', stateOrProvinceName: 'Greater Manchester', localityName: 'Salford', organizationName: 'COMODO CA Limited', commonName: 'COMODO High-Assurance Secure Server CA' }, notBefore: Sun Oct 28 2012 20:00:00 GMT-0400 (EDT), notAfter: Wed Nov 26 2014 18:59:59 GMT-0500 (EST), altNames: [ '*.nodejitsu.com', 'nodejitsu.com' ], signatureAlgorithm: 'sha1WithRSAEncryption', fingerPrint: 'E4:7E:24:8E:86:D2:BE:55:C0:4D:41:A1:C2:0E:06:96:56:B9:8E:EC', publicKey: { algorithm: 'rsaEncryption', e: '65537', n: '.......' } }*/
cert
, CABundlePath
, function(err, result){ /.../})
x509.verify(Performs basic certificate validation against a bundle of ca certificates.
It accepts an error-first callback as first argument. If the error is null, then the certificate is valid.
The error messages are the same returned by openssl: x509_verify_cert_error_string
Note: As now, this function only accepts absolute paths to existing files as arguments
const x509 = ; x509;
Examples
Checking the date to make sure the certificate is active:
const x509 = ;var cert = x509 date = ; if certnotBefore > date // Certificate isn't active yet.if certnotAfter < date // Certificate has expired.
License
MIT
Alternative implementation / build issues
If you are suffering from hard to fix build issues, there is an alternative (pure javascript) implementation using emscripten: https://github.com/encharm/x509.js (based on node-x509, slightly different API)