Skip to content

Tutorial for ASN.1 structure classes of X.509 certificate

Kenji Urushima edited this page Nov 6, 2016 · 4 revisions

TOP | Wiki | DOWNLOADS | TUTORIALS | API REFERENCE | Online Tool | DEMO | NODE TOOL


The name space KJUR.asn1.x509 concludes some classes of ASN.1 structures for X.509 certificate. Class names and methods are very similar to BouncyCastle JCE library. So if you know it it's easy to learn.

Getting Started

When you generate X.509 certificate by CA private key you'll take following procedures:

  • generate TBSCertificate object
  • add Basic Fields to TBSCertificate object
  • add Extensions to TBSCertificate object
  • sign certificate and get a PEM formatted string of the certificate

 // generate TBSCertificate
 var tbsc = new KJUR.asn1.x509.TBSCertificate();

 // add basic fields
tbsc.setSerialNumberByParam({'int': 1234});
tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
tbsc.setIssuerByParam({'str': "/C=US/O=Test/CN=CA"});  
tbsc.setNotBeforeByParam({'str': "130511235959Z"});
tbsc.setNotAfterByParam({'str': "150511235959Z"});
tbsc.setSubjectByParam({'str': "/C=US/O=Test/CN=User1"});  
tbsc.setSubjectPublicKeyByParam({'rsapem': "----BEGIN PUBLIC KEY(snip)"});

// add extensions
tbsc.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA': false}));
tbsc.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
tbsc.appendExtension(new KJUR.asn1.x509.CRLDistributionPoints({'uri':'http://a.com/a.crl'}));

// sign and get PEM certificate with CA private key
var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbsc,
                                           'rsaprvpem': '----BEGIN RSA PRIVATE KEY(snip)',
                                           'rsaprvpas': 'password'});
cert.sign();
var certPEM = cert.getPEMString();
You can’t perform that action at this time.