A robust and secure JavaScript library for generating Certificate Signing Requests (CSRs) using existing key pairs.
This library follows the PKCS#10 specification and implements CSR generation with ECDSA keys and SHA-256 signing.
PKCS#10compliant implementationDNSSubject Alternative Names (SAN)- Generate
CSRsusing existingECDSAkey pairs - DER encoding with
base64urloutput format - Secure cryptographic operations using native
Web Crypto API
Here's a basic example of generating a CSR that is compatible with FlattenedSign
Jose is required for ES256 and to keep the same flow.
import { generateCSRWithExistingKeys } from './csr.js';
import * as jose from 'index.js';
const { publicKey, privateKey } = await jose.generateKeyPair("ES256", { extractable: true });
async function generateCSR() {
try {
const commonName = 'www.ssl.boats';
const dnsNames = ["www.ssl.boats", "ssl.boats"];
const csr = await generateCSRWithExistingKeys(
commonName,
keyPair.publicKey,
keyPair.privateKey,
dnsNames,
jose);
console.log('Generated CSR:', csr);
} catch (error) {
console.error('Failed to generate CSR:', error);
}
}Generates a Certificate Signing Request using existing public and private key pairs.
commonName(string): The common name (CN) for theCSRsubject fieldpublicKey(CryptoKey):ECDSApublic key as a CryptoKey objectprivateKey(CryptoKey):ECDSAprivate key corresponding to the public keydnsNames(array): Array of DNS names to use for Subject Alternative Names (SAN)jose(import): Jose is required for key export operations
Promise<string>: Base64URL-encodedDERformatCSR
Error: IfCSRgeneration fails, with detailed error message
Contributions are welcome! Please feel free to submit a Pull Request.
For major changes, please open an issue first to discuss what you would like to change.
RFC 2986-PKCS #10: Certification Request Syntax SpecificationWeb Crypto API
Made with ❤️ by FirstTimeEZ