Awesome

Node.js EasyRSA

Node.js public key infrastructure management library inspired by EasyRSA.

• Uses forge to manage cryptography
• Provides ready-to-use templates to create your certificate authority: vpn, ssl or mdm.
• Available both as a cli and a lib.
• Provides easy-to-use templates for generic use cases (VPN, SSL, MDM)
• Can easily be plugged to a database backend.

Quickstart

VPN Server setup

• Command Line Interface

npm i -g easyrsa
easyrsa init-pki
easyrsa build-ca
easyrsa gen-req EntityName
easyrsa sign-req client EntityName

• Node.js usage

import EasyRSA from 'easyrsa';

const easyrsa = new EasyRSA({pkiDir});

const pkiAttributes = {
  organizationalUnitName: 'foo.online',
  organizationName: 'Foo',
  localityName: 'Paris',
  stateOrProvinceName: 'Ile-de-France',
  countryName: 'France'
}

// Build an OpenVPN infrastructure
easyrsa.initPKI()
  .then(() => {
    const commonName = `ca@${myHost}`;
    const attributes = {
      ...pkiAttributes
    };
    log.warn('Building new CA ...');
    return easyrsa.buildCA({commonName, attributes, serialNumberBytes: 9, privateKey: ca.privateKey})
      .then(({privateKey, cert}) => {
        log.info('Built new CA with serialNumber="%s"', cert.serialNumber);
      });
  })
  .then(() => {
    const commonName = `server@${myHost}`;
    const attributes = {
      ...pkiAttributes,
      unstructuredName: 'OpenVPN Service'
    };
    log.info('Generating new server certificate with commonName="%s" ...', commonName);
    return easyrsa.createServer({commonName, attributes, privateKey: vpn.privateKey})
      .then(({privateKey, csr, cert, serial, index}) => {
        log.info('Built new certificate for commonName="%s" with serialNumber="%s"', commonName, cert.serialNumber);
      });
  })
  .then(() => {
  	const commonName = 'client@${myHost}'
	const {pkiAttributes} = this.config;
    const attributes = {
      ...pkiAttributes,
      unstructuredName: 'My first Client'
    };
    log.info('Generating new %s client for commonName="%s" ...', type, commonName);
    return easyrsa.createClient({commonName, attributes, privateKey})
      .then(({csr, cert, serial, index}) => {
        log.info('Built new client certificate with commonName="%s" with serialNumber="%s"', commonName, cert.serialNumber);
      });
  })

Testing

• You can quickly start hacking around

git clone -o github git@github.com:mgcrea/node-easyrsa.git
cd node-easyrsa
npm i
npm start

Docs

• EasyRSA quickstart