From cd35f26e953815c645fe986e44ed4298a17eb361 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Tue, 8 Oct 2019 15:13:13 -0600
Subject: [PATCH] update docs
---
 README.md | 79 ++++++++++++++++++++++++++------------
 tests/generate-cert-key.js | 15 ++++++++
 2 files changed, 69 insertions(+), 25 deletions(-)
 create mode 100644 tests/generate-cert-key.js
diff --git a/README.md b/README.md
index 3a01e7e..75862ca 100644
--- a/README.md
+++ b/README.md
@@ -14,9 +14,12 @@ Lightweight. Fast. Modern Crypto. Zero dependecies.
 - [x] Simple and lightweight PEM, DER, ASN1, X509, and CSR implementations
 - [x] Supports International Domain Names (i.e. `.中国`)
 - [x] VanillaJS, Zero External Dependencies
- - [x] Node.js
+ - [x] Node.js\* (v6+)
 - [x] WebPack
+\* Although we use `async/await` in the examples, the code is written in CommonJS,
+with Promises, so you can use it in Node.js and Browsers without transpiling.
+
 # Want Quick and Easy?
 ACME.js is a low-level tool for building Let's Encrypt clients in Node and Browsers.
@@ -161,6 +164,38 @@ Keypairs.generate({ kty: 'EC' }).then(function(pair) {
 });
 ```
+### Generate a Certificate Private Key
+
+```js
+var certKeypair = await Keypairs.generate({ kty: 'RSA' });
+var pem = await Keypairs.export({
+ jwk: certKeypair.private,
+ encoding: 'pem'
+});
+
+// This should be saved as `privkey.pem`
+console.log(pem);
+```
+
+### Generate a CSR
+
+The easiest way to generate a Certificate Signing Request will be either with `openssl` or with `@root/CSR`.
+
+```js
+var CSR = require('@root/csr');
+var Enc = require('@root/encoding');
+
+// 'subject' should be first in list
+var sortedDomains = ['example.com', 'www.example.com'];
+var csr = await CSR.csr({
+ jwk: certKeypair.private,
+ domains: sortedDomains,
+ encoding: 'der'
+}).then(function(der) {
+ return Enc.bufToUrlBase64(der);
+});
+```
+
 ### Get Free 90-day SSL Certificate
 Creating an ACME "order" for a 90-day SSL certificate requires use of the account private key,
@@ -170,31 +205,25 @@ A domain ownership verification "challenge" (uploading a file to an unsecured HT
 is a required part of the process, which requires `set` and `remove` callbacks/promises.
 ```js
-var serverPrivateKey;
-
-Keypairs.generate({ kty: 'EC' }).then(function(pair) {
- serverPrivateKey = pair.private;
-
- return acme.certificates
- .create({
- agreeToTerms: function(tos) {
- return tos;
- },
- account: account,
- accountKeypair: { privateKeyJwk: accountPrivateKey },
- serverKeypair: { privateKeyJwk: serverPrivateKey },
- domains: ['example.com', 'www.example.com'],
- challenges: challenges, // must be implemented
- customerEmail: null,
- skipDryRun: true
- })
- .then(function(results) {
- console.log('Got SSL Certificate:');
- console.log(results.expires);
- console.log(results.cert);
- console.log(results.chain);
- });
+var certinfo = await acme.certificates.create({
+ agreeToTerms: function(tos) {
+ return tos;
+ },
+ account: account,
+ accountKeypair: { privateKeyJwk: accountPrivateKey },
+ csr: csr,
+ domains: sortedDomains,
+ challenges: challenges, // must be implemented
+ customerEmail: null,
+ skipChallengeTests: false,
+ skipDryRun: false
 });
+
+console.log('Got SSL Certificate:');
+console.log(results.expires);
+
+// This should be saved as `fullchain.pem`
+console.log([results.cert, results.chain].join('\n'));
 ```
 ### Example "Challenge" Implementation
diff --git a/tests/generate-cert-key.js b/tests/generate-cert-key.js
new file mode 100644
index 0000000..dd66eed
--- /dev/null
+++ b/tests/generate-cert-key.js
@@ -0,0 +1,15 @@
+'use strict';
+
+async function run() {
+ var Keypairs = require('@root/keypairs');
+
+ var certKeypair = await Keypairs.generate({ kty: 'RSA' });
+ console.log(certKeypair);
+ var pem = await Keypairs.export({
+ jwk: certKeypair.private,
+ encoding: 'pem'
+ });
+ console.log(pem);
+}
+
+run();
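Review bot: The final `run();` in tests/generate-cert-key.js leaves the returned promise without a rejection handler, so a failure in `Keypairs.generate` or `Keypairs.export` may surface only as a warning and, on Node releases that do not abort on unhandled rejections, still exit with status 0. I would end the file with `run().catch(function(err) { console.error(err); process.exit(1); });` so a broken key generation fails the test run. The script also prints the whole `certKeypair` object and the private-key PEM to stdout and asserts nothing about them. If the output is meant for manual inspection, a comment above the two `console.log` calls such as `// throwaway key generated for this test only; never reuse key material captured in logs` would make that explicit, since CI logs tend to be retained. Separately, `async function` will not parse on Node v6, which the README in this same patch lists as supported, so this test presumably needs a newer runtime than the library itself.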