PKI-Lite - v1.2.1

    Builder class for creating X.509 certificates.

    This builder provides a fluent API for constructing certificates with various options including subject, issuer, validity period, extensions, and more. It supports both self-signed and CA-signed certificates.

    // Create a self-signed certificate
    const cert = await Certificate.builder()
        .setSubject('CN=Test Certificate, O=My Org, C=US')
        .setPublicKey(publicKey)
        .setPrivateKey(privateKey)
        .setValidityPeriod(
            new Date('2024-01-01'),
            new Date('2025-01-01')
        )
        .addExtension(basicConstraintsExt)
        .selfSign()

    // Create a CA-signed certificate
    const userCert = await Certificate.builder()
        .setSubject('CN=User Certificate')
        .setPublicKey(userPublicKey)
        .setIssuer(caCert)
        .setIssuerPrivateKey(caPrivateKey)
        .setSerialNumber(generateSerial())
        .setValidityPeriod(notBefore, notAfter)
        .sign()

    Methods

    • Adds an Authority Key Identifier extension to the certificate.

      Parameters

      • keyIdentifier: Uint8Array<ArrayBuffer>

        The authority key identifier bytes

      Returns this

      This builder for chaining

    • Adds a Basic Constraints extension to the certificate.

      Parameters

      • cA: boolean

        Whether this is a CA certificate

      • Optional pathLenConstraint: number

        Optional path length constraint

      Returns this

      This builder for chaining

      // CA certificate with path length 1
      builder.addBasicConstraints(true, 1)

      // End-entity certificate
      builder.addBasicConstraints(false)

    • Adds an Extended Key Usage extension to the certificate.

      Parameters

      • options: {
            clientAuth?: boolean;
            codeSigning?: boolean;
            emailProtection?: boolean;
            ocspSigning?: boolean;
            serverAuth?: boolean;
            timeStamping?: boolean;
        } & { [oid: string]: boolean }

        Extended key usage purposes

      Returns this

      This builder for chaining

      builder.addExtendedKeyUsage({
          serverAuth: true,
          clientAuth: true
      })

    • Adds a Subject Alternative Name extension to the certificate. Strings are automatically converted to DNS names.

      Parameters

      • ...altNames: (string | GeneralName)[]

        Alternative names for the subject (strings or GeneralName objects)

      Returns this

      This builder for chaining

      // Simple DNS names as strings
      builder.addSubjectAltName('example.com', '*.example.com')

      // Or use GeneralName objects for other types
      builder.addSubjectAltName(
          new GeneralName.dNSName({ value: 'example.com' }),
          new GeneralName.rfc822Name({ value: 'admin@example.com' })
      )

      // Mix strings and GeneralName objects
      builder.addSubjectAltName(
          'example.com',
          new GeneralName.rfc822Name({ value: 'admin@example.com' })
      )

    • Adds a Subject Key Identifier extension to the certificate.

      Parameters

      • keyIdentifier: Uint8Array<ArrayBuffer>

        The key identifier bytes

      Returns this

      This builder for chaining

    • Sets the serial number for the certificate.

      Parameters

      • serialNumber: string | number | Uint8Array<ArrayBuffer>

        Serial number as bytes, number, or string

      Returns this

      This builder for chaining
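
The serial number and key identifier methods above take raw bytes, and the CA-signed example calls a `generateSerial()` that this page does not define. The following is an added example, not PKI-Lite code, of one way to produce both inputs with Node.js built-ins; per RFC 5280 the authority key identifier should carry the issuer certificate's subject key identifier value. Assumptions: the builder reads a `Uint8Array` serial as big-endian integer bytes, key identifiers follow RFC 5280 method (1), and `readTlv`, `keyIdentifierFromSpki` and `demo` are names introduced here.

```javascript
// Added example, not PKI-Lite code. Node.js built-in crypto only.
const crypto = require('node:crypto')

// Serial number: 16 CSPRNG bytes. RFC 5280 wants a positive, non-zero integer
// of at most 20 octets. Forcing the first byte into 0x40..0x7f keeps the
// big-endian value positive and exactly 16 octets in DER (126 random bits).
function generateSerial() {
    const serial = new Uint8Array(crypto.randomBytes(16))
    serial[0] = (serial[0] & 0x7f) | 0x40
    return serial
}

// Read one DER TLV header at `offset`; returns the tag and value bounds.
function readTlv(der, offset) {
    const tag = der[offset]
    let length = der[offset + 1]
    let start = offset + 2
    if (length & 0x80) { // long form: low 7 bits count the length octets
        const n = length & 0x7f
        length = 0
        for (let i = 0; i < n; i++) length = length * 256 + der[start + i]
        start += n
    }
    return { tag, start, end: start + length }
}

// Key identifier per RFC 5280 section 4.2.1.2 method (1): SHA-1 over the
// subjectPublicKey BIT STRING contents, without tag, length or the
// unused-bits octet. SHA-1 is only a lookup label here, not a security control.
function keyIdentifierFromSpki(spkiDer) {
    const spki = readTlv(spkiDer, 0)          // SubjectPublicKeyInfo SEQUENCE
    const alg = readTlv(spkiDer, spki.start)  // AlgorithmIdentifier SEQUENCE
    const key = readTlv(spkiDer, alg.end)     // subjectPublicKey BIT STRING
    const ok = spki.tag === 0x30 && alg.tag === 0x30 && key.tag === 0x03 &&
        key.end === spki.end && spki.end === spkiDer.length
    if (!ok) throw new Error('not a DER SubjectPublicKeyInfo')
    const bits = spkiDer.subarray(key.start + 1, key.end)
    return new Uint8Array(crypto.createHash('sha1').update(bits).digest())
}

// Constructed sample input: a throwaway Ed25519 key exported as SPKI DER.
function demo() {
    const { publicKey } = crypto.generateKeyPairSync('ed25519')
    const spki = publicKey.export({ type: 'spki', format: 'der' })
    return { serial: generateSerial(), keyId: keyIdentifierFromSpki(spki) }
}
```

Compute the identifier once from the CA's public key and pass the same bytes as the subject key identifier of the CA certificate and the authority key identifier of every certificate it signs, so chain builders can match them.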