{"library":"node-opcua-pki","title":"PKI Management for node-opcua","description":"node-opcua-pki is a comprehensive library for managing Public Key Infrastructures (PKI), Certificate Authorities (CA), and OPC UA certificates, offering both a powerful command-line interface (CLI) and a programmatic API. Designed specifically for the node-opcua ecosystem, it provides full lifecycle management for certificates, including support for intermediate CAs, OpenSSL 3.5.x compatibility, and a robust PFX (PKCS#12) toolbox. The current stable version is 6.13.0, with frequent minor and patch releases demonstrating active maintenance and continuous feature development. Key differentiators include its deep integration with OPC UA standards, a rich set of CLI commands for common PKI operations, and specialized features like an in-memory DER/PEM buffer API for `CertificateAuthority` operations and a certificate database for querying issued certificates. It serves as a critical component for securing OPC UA applications.","language":"javascript","status":"active","last_verified":"Tue Apr 21","install":{"commands":["npm install node-opcua-pki"],"cli":{"name":"node-opcua-pki","version":null}},"imports":["import { CertificateManager } from 'node-opcua-pki';","import { CertificateAuthority } from 'node-opcua-pki';","import { initializeCSR } from 'node-opcua-pki';"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"#!/bin/bash\n\n# This script demonstrates how to set up a basic PKI structure and generate a self-signed certificate.\n# Prerequisites: Node.js (with npx) and OpenSSL (or LibreSSL) installed on your system.\n# For Debian/Ubuntu, install OpenSSL: `sudo apt install openssl`\n\n# Define a root directory for our PKI (relative path).\nPKI_ROOT=\"./my_opcua_pki_example\"\n\necho \"\\n--- 1. Creating a new OPC UA PKI directory structure in ${PKI_ROOT} ---\"\nnpx node-opcua-pki createPKI \\\n  --root \"${PKI_ROOT}\" \\\n  --keySize 2048 \\\n  --silent\n\n# Check if the PKI root directory was created\nif [ ! -d \"${PKI_ROOT}\" ]; then\n  echo \"Error: PKI root directory '${PKI_ROOT}' was not created. Exiting.\" >&2\n  exit 1\nfi\n\necho \"\\n--- 2. Creating a self-signed OPC UA Application Certificate ---\"\nnpx node-opcua-pki certificate \\\n  --root \"${PKI_ROOT}\" \\\n  --selfSigned \\\n  --applicationUri \"urn:my-opcua-server:application\" \\\n  --subject \"/C=US/ST=CA/L=SF/O=MyCompany/CN=MyOPCUAServer\" \\\n  -o \"${PKI_ROOT}/own/certs/server_certificate.pem\" \\\n  --dns \"localhost\" \\\n  --ip \"127.0.0.1\" \\\n  --validity 365 # Valid for 1 year\n\n# Check if the certificate was created\nif [ ! -f \"${PKI_ROOT}/own/certs/server_certificate.pem\" ]; then\n  echo \"Error: Server certificate was not created. Exiting.\" >&2\n  exit 1\nfi\n\necho \"\\n--- 3. Dumping the created certificate information for verification ---\"\nnpx node-opcua-pki dump \"${PKI_ROOT}/own/certs/server_certificate.pem\"\n\necho \"\\nPKI setup and self-signed certificate generation complete in '${PKI_ROOT}'.\"","lang":"bash","description":"This quickstart demonstrates how to use the `node-opcua-pki` CLI to initialize a Public Key Infrastructure and generate a self-signed OPC UA application certificate for development or testing. It includes verification steps.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}