A PKI tool written in Node

nodepki

[aditosoftware/nodepki: NodePKI is a simple NodeJS based PKI manager for small corporate environments. (github.com)](https://github.com/WillZhuang/nodepki) NodePKI is a simple NodeJS-based PKI manager suitable for small corporate environments.

Requirements

  • Linux OS
  • NodeJS
  • NPM
  • OpenSSL

Setup

git clone https://github.com/aditosoftware/nodepki.git
cd nodepki
npm install

Configure NodePKI

An example configuration file is provided as config.yml.default. Copy its contents to NodePKI/data/config/config.yml and edit config.yml to match your setup. The passwords in config.yml are used when the PKI is created.

Start API server

node server.js

After start-up, the CA files are created in the data/mypki folder.

API user login

Add new user

node nodepkictl useradd --username user1 --password user1password

Remove user

node nodepkictl userdel --username user1

List all issued certificates

curl -H "Content-type: application/json" -d '{ "data": { "state":"all" }, "auth": { "username":"thomas", "password":"test" } }' http://localhost:8080/api/v1/certificates/list

Request certificate from CSR

curl -H "Content-type: application/json" -d '{ "data": { "applicant":"Thomas", "csr":"---CERTIFICATE SIGNING REQUEST---", "lifetime":365, "type":"server" }, "auth": { "username":"thomas", "password":"test" } }' http://localhost:8080/api/v1/certificate/request

Manage your PKI with nodepki-client

A simple command-line client for the NodePKI server.

Dependencies

  • NodeJS
  • NPM
  • OpenSSL

Setup

git clone https://github.com/ThomasLeister/nodepki-client.git
cd nodepki-client
npm install

Configure

Copy config.default.yml to config/config.yml and set the settings according to your environment.

node client help
[07:34:26] Reading config file data/config/config.yml ...
Usage: client <subcommand> [options]

命令:
request Request a new certificate with or without .csr file
list List issued certificates
get Get issued certificate by serial number
revoke Revoke certificate via cert file
getcacert Get CA certificate

选项:
-h, --help 显示帮助信息 [布尔]

Create a certificate (with private key)

Create a new key + certificate from scratch and store both in the out/ directory. Lifetime: 7 days.

node client request --lifetime 7 --out out/

Create a new key + certificate from scratch, append the intermediate certificate to the certificate (full chain) and store the result in the out/ directory:

node client request --out out/ --fullchain

The lifetime defaults to the cert_lifetime_default setting in config.yml.

Create a new client certificate:

node client request --type client --out out/

List issued certificates

node client list --state all

Valid states:

  • all
  • valid
  • expired
  • revoked
node client list --state valid

Get certificate by serial number

… and store the certificate in out/cert.pem:

node client get --serialnumber 324786EA --out out/cert.pem

Revoke issued certificate

node client revoke --cert cert.pem

Get CA certificates

Get root certificate:

node client getcacert --ca root

Write root certificate to file:

node client getcacert --ca root --out out/root.cert.pem

Get intermediate certificate:

node client getcacert --ca intermediate

Get the intermediate certificate + root certificate (= certificate chain) and write them to a file:

node client getcacert --ca intermediate --chain --out out/ca-chain.cert.pem