Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
var forge = require('..');
console.log('Generating 2048-bit key-pair...');
var keys = forge.pki.rsa.generateKeyPair(2048);
console.log('Key-pair created.');
console.log('Creating certification request (CSR) ...');
var csr = forge.pki.createCertificationRequest();
csr.publicKey = keys.publicKey;
csr.setSubject([{
name: 'commonName',
value: 'example.org'
}, {
name: 'countryName',
value: 'US'
}, {
shortName: 'ST',
value: 'Virginia'
}, {
name: 'localityName',
value: 'Blacksburg'
}, {
name: 'organizationName',
value: 'Test'
}, {
shortName: 'OU',
value: 'Test'
}]);
// add optional attributes
csr.setAttributes([{
name: 'challengePassword',
value: 'password'
}, {
name: 'unstructuredName',
value: 'My company'
}]);
// sign certification request
csr.sign(keys.privateKey/*, forge.md.sha256.create()*/);
console.log('Certification request (CSR) created.');
// PEM-format keys and csr
var pem = {
privateKey: forge.pki.privateKeyToPem(keys.privateKey),
publicKey: forge.pki.publicKeyToPem(keys.publicKey),
csr: forge.pki.certificationRequestToPem(csr)
};
console.log('\nKey-Pair:');
console.log(pem.privateKey);
console.log(pem.publicKey);
console.log('\nCertification Request (CSR):');
console.log(pem.csr);
// verify certification request
try {
if(csr.verify()) {
console.log('Certification request (CSR) verified.');
} else {
throw new Error('Signature not verified.');
}
} catch(err) {
console.log('Certification request (CSR) verification failure: ' +
JSON.stringify(err, null, 2));
}