A client-side rendered web application that facilitates the creation of client keys and certificates for TLS. It is built on top of PKIjs, SvelteKit and SMUI.
To download the source code with git use
git clone https://github.com/ibpl/web-certificate-tool
Building this project requires a working, up-to-date make, npm, pipx and sed.
All commands described below should be run in the root directory of the downloaded project.
To audit the dependencies for security vulnerabilities use
make audit
To update dependencies use
make update
To start the development server and open the application in a web browser use
make dev
To format code use
make format
To lint use
make lint
To run code coverage use
make coverage
To run all tests use
make test
To run only the test files that contain components/common in their path add path like this
make test path=components/common
path only checks inclusion and doesn't support regexp or glob patterns (unless your terminal processes it before make receives the path).
When WATCH=1 is set in the environment, test will enter the watch mode, i.e.
WATCH=1 make test
To build the application for production use
make
The application files ready to be copied to a production web server will be in the build subdirectory.
The build subdirectory contains uncompressed application files and their gzip and brotli precompressed equivalents for web servers and web clients that are able to use precompressed versions for download optimization.
After a successful build, copy the files from the build subdirectory to a directory served (as static content) over HTTPS (e.g. by Apache) and access it using an up-to-date web browser with JavaScript enabled.
For better security consider:
- serving all application files over HTTPS with the Strict-Transport-Security: max-age=31536000 header,
- serving all application files with response security headers that allow the application to load only required resources, i.e.
Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline' 'self'; connect-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self' data:; font-src 'self' data:;
Optional config.json file may be placed in application's root folder with the following optional parameters:
- locale [string]: forces specified initial locale to be one of supported locales,
- ownerId [string]: forces specified initial owner's ID (value length must be in range 1-300),
- themeMode [string]: forces initial theme mode to be light (when light) or dark (when dark).
Example config.json content:
{
"ownerId": "[email protected]",
"themeMode": "dark",
"locale": "pl"
}
The following optional query parameters may be specified in URL:
- l [string]: forces specified initial locale to be one of supported locales,
- oid [string]: forces specified initial owner's ID (value length must be in range 1-300),
- tm [string]: forces initial theme mode to be light (when light) or dark (when dark).
Example URL:
https://wtc.example.com/?l=pl&tm=light&[email protected]
Setting source precedence (from highest to lowest):
- URL query,
- config.json,
- user's system/browser current setting (en locale will be used as fallback if user's browser locale is not supported).
The application operates on data (i.e. keys, certificate requests, certificates) locally in the browser using PKIjs.
The application can generate RSA-2048 keys.
The application can save a private RSA key in a PKCS #8 PEM formatted file without encryption or (if a password is specified) encrypted with PBKDF2/SHA-256/AES-256-CBC (similar to what openssl 3.0 does).
The application can load a private RSA key from a PKCS #8 PEM formatted file without encryption or (if a password is specified) encrypted with an algorithm supported by PKIjs (i.e. PBKDF2/SHA-256/AES-256-CBC as saved by this application or generated with openssl 3.0). Keys are loaded locally in the browser using PKIjs.
The application can generate a PKCS #10 PEM formatted CSR from a given key and owner's ID (which is stored in the subject CN).
The application can copy the generated CSR to the clipboard, save it to a file or pass it to the default e-mail client (to be sent in the e-mail message body).
The application can load a certificate from a PEM formatted file. Certificates are loaded locally in the browser using PKIjs.
The application can save a private RSA key and its certificate in a PKCS #12 formatted file encrypted with PBKDF2/SHA-256/AES-256-CBC (similar to what openssl 3.0 does).
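A way to confirm that a saved key file carries the protection described above for encrypted PKCS #8 PEM files (PBKDF2/SHA-256/AES-256-CBC), as an added Node.js example that is not part of this project's code. The helper names are hypothetical, and the sample key is constructed with Node's crypto module rather than exported from the application.

```javascript
const crypto = require('node:crypto');
// Added example (hypothetical helpers, not project code). OIDs of the scheme to check for.
const NAMES = {
  '1.2.840.113549.1.5.13': 'PBES2',
  '1.2.840.113549.1.5.12': 'PBKDF2',
  '1.2.840.113549.2.9': 'HMAC-SHA-256',
  '2.16.840.1.101.3.4.1.42': 'AES-256-CBC',
};

// Decode the content bytes of a DER OBJECT IDENTIFIER into dotted form.
function decodeOid(bytes) {
  const arcs = [Math.floor(bytes[0] / 40), bytes[0] % 40];
  let v = 0;
  for (const b of bytes.subarray(1)) {
    v = v * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(v); v = 0; }
  }
  return arcs.join('.');
}

// Walk DER TLVs depth-first and collect every OID in encounter order.
function collectOids(der, out = []) {
  for (let i = 0; i < der.length;) {
    const tag = der[i++];
    let len = der[i++];
    if (len & 0x80) { // long form: low 7 bits give the number of length bytes
      let n = len & 0x7f;
      for (len = 0; n > 0; n--) len = len * 256 + der[i++];
    }
    if (tag === 0x06) out.push(decodeOid(der.subarray(i, i + len)));
    else if (tag & 0x20) collectOids(der.subarray(i, i + len), out); // constructed: recurse
    i += len;
  }
  return out;
}

function inspectPkcs8Pem(pem) {
  const m = /-----BEGIN ((?:ENCRYPTED )?PRIVATE KEY)-----([\s\S]+?)-----END \1-----/.exec(pem);
  if (!m) throw new Error('no PKCS #8 PEM block found');
  if (m[1] === 'PRIVATE KEY') return { encrypted: false };
  const [scheme, kdf, ...rest] = collectOids(Buffer.from(m[2], 'base64')).map((o) => NAMES[o] || o);
  if (scheme !== 'PBES2') return { encrypted: true, scheme }; // e.g. a legacy PBES1 scheme
  // PBKDF2 omits the PRF when it is the default HMAC-SHA-1, leaving only the cipher OID.
  const prf = rest.length > 1 ? rest[0] : 'HMAC-SHA-1';
  return { encrypted: true, scheme, kdf, prf, cipher: rest[rest.length - 1] };
}
// Constructed sample: RSA-2048 key written by Node's OpenSSL binding, not by the application.
function sampleKeyPem(passphrase) {
  const enc = { type: 'pkcs8', format: 'pem', ...(passphrase && { cipher: 'aes-256-cbc', passphrase }) };
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048, privateKeyEncoding: enc }).privateKey;
}
```

Pass the text of a saved key file to inspectPkcs8Pem; a result of encrypted: false, or any scheme, PRF or cipher other than PBES2, HMAC-SHA-256 and AES-256-CBC, means the file does not match the protection described above.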
Content in this repository is licensed under the GNU Affero General Public License Version 3 (AGPL v3). Other licenses may be specified as well where third-party content is used.
Detailed copyright and licensing is declared in accordance with the REUSE Specification – Version 3.0.