update docs

This commit is contained in:
AJ ONeal 2019-10-08 15:13:13 -06:00
parent 83cf96f074
commit cd35f26e95
2 changed files with 69 additions and 25 deletions

View File

@ -14,9 +14,12 @@ Lightweight. Fast. Modern Crypto. Zero dependecies.
- [x] Simple and lightweight PEM, DER, ASN1, X509, and CSR implementations - [x] Simple and lightweight PEM, DER, ASN1, X509, and CSR implementations
- [x] Supports International Domain Names (i.e. `.中国`) - [x] Supports International Domain Names (i.e. `.中国`)
- [x] VanillaJS, Zero External Dependencies - [x] VanillaJS, Zero External Dependencies
- [x] Node.js - [x] Node.js\* (v6+)
- [x] WebPack - [x] WebPack
\* Although we use `async/await` in the examples, the code is written in CommonJS,
with Promises, so you can use it in Node.js and Browsers without transpiling.
# Want Quick and Easy? # Want Quick and Easy?
ACME.js is a low-level tool for building Let's Encrypt clients in Node and Browsers. ACME.js is a low-level tool for building Let's Encrypt clients in Node and Browsers.
@ -161,6 +164,38 @@ Keypairs.generate({ kty: 'EC' }).then(function(pair) {
}); });
``` ```
### Generate a Certificate Private Key
```js
var certKeypair = await Keypairs.generate({ kty: 'RSA' });
var pem = await Keypairs.export({
jwk: certKeypair.private,
encoding: 'pem'
});
// This should be saved as `privkey.pem`
console.log(pem);
```
### Generate a CSR
The easiest way to generate a Certificate Signing Request will be either with `openssl` or with `@root/CSR`.
```js
var CSR = require('@root/csr');
var Enc = require('@root/encoding');
// 'subject' should be first in list
var sortedDomains = ['example.com', 'www.example.com'];
var csr = await CSR.csr({
jwk: certKeypair.private,
domains: sortedDomains,
encoding: 'der'
}).then(function(der) {
return Enc.bufToUrlBase64(der);
});
```
### Get Free 90-day SSL Certificate ### Get Free 90-day SSL Certificate
Creating an ACME "order" for a 90-day SSL certificate requires use of the account private key, Creating an ACME "order" for a 90-day SSL certificate requires use of the account private key,
@ -170,31 +205,25 @@ A domain ownership verification "challenge" (uploading a file to an unsecured HT
is a required part of the process, which requires `set` and `remove` callbacks/promises. is a required part of the process, which requires `set` and `remove` callbacks/promises.
```js ```js
var serverPrivateKey; var certinfo = await acme.certificates.create({
Keypairs.generate({ kty: 'EC' }).then(function(pair) {
serverPrivateKey = pair.private;
return acme.certificates
.create({
agreeToTerms: function(tos) { agreeToTerms: function(tos) {
return tos; return tos;
}, },
account: account, account: account,
accountKeypair: { privateKeyJwk: accountPrivateKey }, accountKeypair: { privateKeyJwk: accountPrivateKey },
serverKeypair: { privateKeyJwk: serverPrivateKey }, csr: csr,
domains: ['example.com', 'www.example.com'], domains: sortedDomains,
challenges: challenges, // must be implemented challenges: challenges, // must be implemented
customerEmail: null, customerEmail: null,
skipDryRun: true skipChallengeTests: false,
}) skipDryRun: false
.then(function(results) { });
console.log('Got SSL Certificate:'); console.log('Got SSL Certificate:');
console.log(results.expires); console.log(results.expires);
console.log(results.cert);
console.log(results.chain); // This should be saved as `fullchain.pem`
}); console.log([results.cert, results.chain].join('\n'));
});
``` ```
### Example "Challenge" Implementation ### Example "Challenge" Implementation

View File

@ -0,0 +1,15 @@
'use strict';
async function run() {
var Keypairs = require('@root/keypairs');
var certKeypair = await Keypairs.generate({ kty: 'RSA' });
console.log(certKeypair);
var pem = await Keypairs.export({
jwk: certKeypair.private,
encoding: 'pem'
});
console.log(pem);
}
run();