Add start date option to createCertificate()

[scaret]

When I type a URL in the browser and press Enter, the browser will try to connect to that host:port, and wait for a moment(several seconds); If there isn't a server at the beginning of "the moment", but a server manage to respond before the end of the timeout, the browser will accept it.

Since I have CA key/cert in my PC, I wrote a piece of code that will generate a certificate (according to its IP address), and use the certificate to start an HTTPS server. As in the case above, the request from the browser arrives before I generate the server certificate(and start the HTTPS server), but I can still respond to the request if the server can work in a very short time.

The browser will have a timestamp A when the request is sent, and the server will have a timestamp B when the certificate is signed(valid from). The problem is that, sometimes A is earlier than B, so browser will get a certificate error, given the info that the certificate has not taken into affect when you visit the website.

I think it may be a bug for the browser(Chrome), but it will be good if pem module can cover this by providing option startdate.

[Dexus]

@scaret its no bug of chrome, its if it were other than in chrome its a bug.

tomorrow, i will look to fix add optional params to set a startdate

[Dexus]

So it looks like the function createCertificate need to complete rewritten or a new function is need to create startdate and enddate certificates.

With openssl ca is the only way you can create certificates with startdate and enddate.

So you need also a "CA" config and some more data.

https://www.openssl.org/docs/apps/ca#files

So its a littlebit more work.

[Dexus]

@andris9 what do you think about it?

[Dexus]

Additional Infos:
https://jamielinux.com/blog/category/CA/
https://github.com/patwie/yoca
https://www.rootservice.org/howtos/freebsd/certificate_authority.html

[andris9]

Hey @Dexus would you be interested of taking over this project (I'd add you as a contributor and also as the npm package owner), so you could edit and publish the code directly? All the recent stuff is way more than I'll ever need or care for.

[Dexus]

Hey @andris9 yes i'm interested.
ok, i'm understand. the module is very nice and i'm happy that you made the work and the support for this so long. I love to work with you together and use of your modules.

I am on npmjs.org: dexus1985

Regards, Josef

[andris9]

Ok, great! I added you as a collaborator to this repo and also as the npm package owner. So you can modify this repo and publish updates to npm at will.

[Dexus]

Thx.

[pierreca]

Looks like those PRs never made it into the repository? if it is a 2.0.0 thing because createCertificate needs to be rewritten, how soon could we hope for that? what if I submitted a PR?

[KaiSchwarz-cnic]

PR's are welcome and will be reviewed on our side before merging them.
When working on a PR, please be so kind to also try to cover the documentation and unit test part.

[jogamod]

This is not implemented yet? 😢