A command line for myca for creating my CA center, generating a self signed x509 certificate, issuing server certificate from node.js via openssl. Multiple center supported. RSA, EC(P-256, P-384) supported.
npm install -g myca-cli-
Initialize default center
myca init
will output:
Default center created at path: "C:\Users\<user>\.myca" -
Initialize CA cert of default center
myca initca --days=10950 --pass=mycapass \ --cn="my root ca" --o="my company" --c=CN \
will output:
CA certificate created with: centerName: "default" crtFile: "C:\Users\<user>\.myca\ca.crt" privateKeyFile: "C:\Users\<user>\.myca\ca.key"
-
Issue a RSA serve certificate
myca issue --kind=server --days=730 --pass=fooo \ --cn="waitingsong.com" --o="my company" --c=CN --caKeyPass=mycapass \
will output:
Issue a Certificate with: pubKey: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJunjvIoZ5bFQsA9D/1A MHt36viM7AJZFpQdmVuTLUZXEiTFU6gMdBarikHsXt0xRPcnGHiP1hgSsTIh2j1k 3HiNinwfV/MePvy/8f/XWY+J3BbljQCPQmtUIZAnBebiVcvQrL1cP4l5xgJiv5/p EdRhCs92J/1MMDxhp41BzatBKwbQJ7UQtLnTdWXCs/qptTgaD6vh4a3snWHlfatg TsfzjmSmiXcEYGZM9z6tDrSjR9kBZoog+9DTh+FCdVaasL7QvYlWlOzsjSO2yvLX lYQJ9VJbBGxV0cOKbmPm46aMK6n5br/75CAm8cHyfgsE0MhxH2uxQW3leUy+3MHK ZwIDAQAB -----END PUBLIC KEY----- pass: "fooo" privateKeyFile: "C:\Users\<user>\.myca\server\01.key" privateUnsecureKeyFile: "C:\Users\<user>\.myca\server\01.key.unsecure" centerName: "default" caKeyFile: "C:\Users\<user>\.myca\ca.key" caCrtFile: "C:\Users\<user>\.myca\ca.crt" csrFile: "C:\Users\<user>\.myca\server\01.csr" crtFile: "C:\Users\<user>\.myca\server\01.crt"
-
Initialize a center named ec
// path can be omitted myca initcenter --name=ec --path="c:/users/<user>/.myca-ec"will output:
center created with: centerName: "ec" path: "c:/users/<user>/.myca-ec"
-
Create self-signed EC CA certificate under center ec (default P-256)
myca initca --days=10950 --pass=mycapass \ --cn="my root ca" --o="my company" --c=CN --centerName=ec --alg=ec \
will output:
CA certificate created with: centerName: "ec" crtFile: "c:\users\<user>\.myca-ec\ca.crt" privateKeyFile: "c:\users\<user>\.myca-ec\ca.key"
-
Issue a ec server certificate by center ec CA cert
myca issue --kind=server --days=730 --pass=fooo \ --cn="foo.waitingsong.com" --o="my comany" --c=CN --caKeyPass=mycapass \ --centerName=ec --alg=ec \
-
Issue a serve certificate with Domain Name SANs
myca issue --kind=server --days=730 --pass=fooo \ --cn="waitingsong.com" --o="my company" --c=CN --caKeyPass=mycapass \ --SAN="foo.waitingsong.com, bar.waitingsong.com" \
-
Issue a serve certificate with IP SANs
myca issue --kind=server --days=730 --pass=fooo \ --cn="waitingsong.com" --o="my company" --c=CN --caKeyPass=mycapass \ --ips=192.168.0.1 \ myca issue --kind=server --days=730 --pass=fooo \ --cn="waitingsong.com" --o="my company" --c=CN --caKeyPass=mycapass \ --ips="192.168.0.1, 192.168.0.2" \
-
Issue a RSA client p12/pfx certificate
myca issue --kind=client --days=730 --pass=fooo \ --cn="waitingsong.com" --o="my company" --c=CN --caKeyPass=mycapass \
will output:
Issue a Certificate with: pubKey: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsu8wZDZ0a/HNtlJPqCjs 9Isg795iUAJ+5OREb08hPthDN4/LOoLgepIyWbZ/A+0Gv8jHkbqlUvOJV5O5ggjR ezpK3jXln621nbjS3Fzs/uw4+40e4RX7fYIoE9sk94rP+od1ZMRjE8+e+qb34ubC WiXtsyR4EyaRen23IqLNlvxGlcg4xLczaCDA06zkva+wL7qvLYF2331X/rZ+dQgY xh6iWKO7C9qcliF23OOByYIKS8jqQ8ngwHIEogIqNBdt/QyEVN7CvF4M6abQnrrx 9wnnmlaRX2WiybsA06wWl7+4BgKjeULehCVQOpMsS/3QV1dO79vn9hZWM/dAPlnF QwIDAQAB -----END PUBLIC KEY----- pass: "fooo" privateKeyFile: "C:\Users\<user>\.myca\client\0A.key" centerName: "default" caKeyFile: "C:\Users\<user>\.myca\ca.key" caCrtFile: "C:\Users\<user>\.myca\ca.crt" csrFile: "C:\Users\<user>\.myca\client\0A.csr" crtFile: "C:\Users\<user>\.myca\client\0A.crt" pfxFile: "C:\Users\<user>\.myca\client\0A.p12"