JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 803
  • Score
    100M100P100Q103842F
  • License ISC

Generate a self-signed TLS certificate and add it to the trusted certificate store.

Package Exports

  • tls-keygen

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (tls-keygen) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

tls-keygen

Generates a self-signed, trusted TLS certificate that is accepted by browsers for localhost development.

Use Cases

Easily use TLS in locally hosted websites. Using HTTP/2 or some web platform API's requires the page to be served from an https:// origin. This tool makes it easy to generate the necessary key & certificate files.

The generated certificates are not useful in production deployments on the public internet since they are self-signed and only for local addresses. However they could be used, in combination with local DNS hijacking (e.g. /etc/hosts overrides) to mimick production systems locally.

CLI

npx tls-keygen
npx tls-keygen "key.pem" "cert.pem"

The arguments key.pem and cert.pem are, optionally, the output destination filepaths for the TLS private key and public certificate respectively.

Output

Key:
🔑 /Users/seb/key.pem

Certificate:
📜 /Users/seb/cert.pem

Common Name:
  - 🏷  localhost

Subject Alternative Names:
  - 🏷  DNS:localhost
  - 🏷  DNS:*.localhost
  - 🏷  IP:127.0.0.1
  - 🏷  IP:0.0.0.0
  - 🏷  IP:::1
  - 🏷  IP:::

🔐 Done!

API

const {setupTLS} = require('tls-keygen')

// Returns a promise that
// resolves with `key` and `cert` file paths.
const {key, cert} = await setupTLS({
  // Default: ./key.pem
  key: '/path/to/output/key.pem',

  // Default: ./cert.pem
  cert: '/path/to/output/cert.pem',

  // Default: localhost
  commonName: 'example.net',

  // Default: [
  //   'DNS:localhost',
  //   'DNS:*.localhost',
  //   'IP:127.0.0.1',
  //   'IP:0.0.0.0',
  //   'IP:::1',
  //   'IP:::'
  // ]
  subjectAltName: [
    'DNS:www.example.net',
    'DNS:mail.example.net'
  ]
})

The default options are exported for convenience.

const {
  defaultKey,
  defaultCert,
  defaultCommonName,
  defaultSubjectAltName
} = require('tls-keygen')

Platform Support

  • MacOS
  • Linux

Help needed with Windows support. If you can provide access to a Windows system, please open an issue to get in touch.