pem icon indicating copy to clipboard operation
pem copied to clipboard

Published 20 hours ago verified publisher icon Dexus

Add `start date` option to createCertificate()

Open scaret opened this issue 10 years ago • 11 comments

When I type a URL in the browser and press Enter, the browser will try to connect to that host:port, and wait for a moment(several seconds); If there isn't a server at the beginning of "the moment", but a server manage to respond before the end of the timeout, the browser will accept it.

Since I have CA key/cert in my PC, I wrote a piece of code that will generate a certificate (according to its IP address), and use the certificate to start an HTTPS server. As in the case above, the request from the browser arrives before I generate the server certificate(and start the HTTPS server), but I can still respond to the request if the server can work in a very short time.

The browser will have a timestamp A when the request is sent, and the server will have a timestamp B when the certificate is signed(valid from). The problem is that, sometimes A is earlier than B, so browser will get a certificate error, given the info that the certificate has not taken into affect when you visit the website.

I think it may be a bug for the browser(Chrome), but it will be good if pem module can cover this by providing option startdate.

scaret avatar Dec 11 '14 07:12 scaret

@scaret its no bug of chrome, its if it were other than in chrome its a bug.

tomorrow, i will look to fix add optional params to set a startdate

Dexus avatar Feb 24 '15 20:02 Dexus

So it looks like the function createCertificate need to complete rewritten or a new function is need to create startdate and enddate certificates.

With openssl ca is the only way you can create certificates with startdate and enddate.

So you need also a "CA" config and some more data.

https://www.openssl.org/docs/apps/ca#files

So its a littlebit more work.

Dexus avatar Feb 25 '15 13:02 Dexus

@andris9 what do you think about it?

Dexus avatar Feb 25 '15 13:02 Dexus

Additional Infos: https://jamielinux.com/blog/category/CA/ https://github.com/patwie/yoca https://www.rootservice.org/howtos/freebsd/certificate_authority.html

Dexus avatar Feb 25 '15 14:02 Dexus

Hey @Dexus would you be interested of taking over this project (I'd add you as a contributor and also as the npm package owner), so you could edit and publish the code directly? All the recent stuff is way more than I'll ever need or care for.

andris9 avatar Feb 25 '15 14:02 andris9

Hey @andris9 yes i'm interested. ok, i'm understand. the module is very nice and i'm happy that you made the work and the support for this so long. I love to work with you together and use of your modules.

I am on npmjs.org: dexus1985

Regards, Josef

Dexus avatar Feb 25 '15 15:02 Dexus

Ok, great! I added you as a collaborator to this repo and also as the npm package owner. So you can modify this repo and publish updates to npm at will.

andris9 avatar Feb 25 '15 15:02 andris9

Thx.

Dexus avatar Feb 25 '15 15:02 Dexus

Looks like those PRs never made it into the repository? if it is a 2.0.0 thing because createCertificate needs to be rewritten, how soon could we hope for that? what if I submitted a PR?

pierreca avatar Nov 09 '17 04:11 pierreca

PR's are welcome and will be reviewed on our side before merging them. When working on a PR, please be so kind to also try to cover the documentation and unit test part.

KaiSchwarz-cnic avatar Nov 09 '17 09:11 KaiSchwarz-cnic

This is not implemented yet? :cry:

jogamod avatar Dec 07 '20 14:12 jogamod