node-opcua-pki 6.10.0 → 6.10.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin/pki.mjs +19 -4
- package/dist/bin/pki.mjs.map +1 -1
- package/dist/index.js +19 -4
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +19 -4
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
package/dist/bin/pki.mjs
CHANGED
|
@@ -2391,9 +2391,14 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment, d
|
|
|
2391
2391
|
extendedKeyUsage = critical,serverAuth ,clientAuth
|
|
2392
2392
|
subjectAltName = $ENV::ALTNAME
|
|
2393
2393
|
nsComment = "CA Generated by Node-OPCUA Certificate utility using openssl"
|
|
2394
|
+
[ v3_ca_req ]
|
|
2395
|
+
subjectKeyIdentifier = hash
|
|
2396
|
+
basicConstraints = CA:TRUE
|
|
2397
|
+
keyUsage = critical, cRLSign, keyCertSign
|
|
2398
|
+
nsComment = "CA CSR generated by Node-OPCUA Certificate utility using openssl"
|
|
2394
2399
|
[ v3_ca ]
|
|
2395
2400
|
subjectKeyIdentifier = hash
|
|
2396
|
-
authorityKeyIdentifier = keyid
|
|
2401
|
+
authorityKeyIdentifier = keyid:always,issuer:always
|
|
2397
2402
|
basicConstraints = CA:TRUE
|
|
2398
2403
|
keyUsage = critical, cRLSign, keyCertSign
|
|
2399
2404
|
nsComment = "CA Certificate generated by Node-OPCUA Certificate utility using openssl"
|
|
@@ -2465,10 +2470,20 @@ async function construct_CertificateAuthority(certificateAuthority) {
|
|
|
2465
2470
|
}
|
|
2466
2471
|
}
|
|
2467
2472
|
await construct_default_files();
|
|
2468
|
-
|
|
2469
|
-
|
|
2473
|
+
const caKeyExists = fs9.existsSync(path6.join(caRootDir, "private/cakey.pem"));
|
|
2474
|
+
const caCertExists = fs9.existsSync(path6.join(caRootDir, "public/cacert.pem"));
|
|
2475
|
+
if (caKeyExists && caCertExists && !config3.forceCA) {
|
|
2476
|
+
debugLog("CA private key and certificate already exist ... skipping");
|
|
2470
2477
|
return;
|
|
2471
2478
|
}
|
|
2479
|
+
if (caKeyExists && !caCertExists) {
|
|
2480
|
+
debugLog("CA private key exists but cacert.pem is missing \u2014 rebuilding CA");
|
|
2481
|
+
fs9.unlinkSync(path6.join(caRootDir, "private/cakey.pem"));
|
|
2482
|
+
const staleCsr = path6.join(caRootDir, "private/cakey.csr");
|
|
2483
|
+
if (fs9.existsSync(staleCsr)) {
|
|
2484
|
+
fs9.unlinkSync(staleCsr);
|
|
2485
|
+
}
|
|
2486
|
+
}
|
|
2472
2487
|
displayTitle("Create Certificate Authority (CA)");
|
|
2473
2488
|
const indexFileAttr = path6.join(caRootDir, "index.txt.attr");
|
|
2474
2489
|
if (!fs9.existsSync(indexFileAttr)) {
|
|
@@ -2492,7 +2507,7 @@ async function construct_CertificateAuthority(certificateAuthority) {
|
|
|
2492
2507
|
await generatePrivateKeyFile2(privateKeyFilename, keySize);
|
|
2493
2508
|
displayTitle("Generate a certificate request for the CA key");
|
|
2494
2509
|
await execute_openssl(
|
|
2495
|
-
"req -new -sha256 -text -extensions
|
|
2510
|
+
"req -new -sha256 -text -extensions v3_ca_req" + configOption + " -key " + q3(n4(privateKeyFilename)) + " -out " + q3(n4(csrFilename)) + " " + subjectOpt,
|
|
2496
2511
|
options
|
|
2497
2512
|
);
|
|
2498
2513
|
displayTitle("Generate CA Certificate (self-signed)");
|