Class X509Certificate

Encapsulates an X509 certificate and provides read-only access to its information.

const { X509Certificate } = await import('crypto');

const x509 = new X509Certificate('{... pem encoded cert ...}');

console.log(x509.subject);

Since

v15.6.0

Index

Constructors

constructor

new X509Certificate(buffer): X509Certificate
Parameters
- buffer: BinaryLike
Returns X509Certificate
- Defined in node_modules/@types/node/crypto.d.ts:3664

Properties

`Readonly`ca

ca: boolean

Will be true if this is a Certificate Authority (CA) certificate.

Since

v15.6.0

`Readonly`fingerprint

fingerprint: string

The SHA-1 fingerprint of this certificate.

Because SHA-1 is cryptographically broken and because the security of SHA-1 is significantly worse than that of algorithms that are commonly used to sign certificates, consider using x509.fingerprint256 instead.

Since

v15.6.0

`Readonly`fingerprint256

fingerprint256: string

The SHA-256 fingerprint of this certificate.

Since

v15.6.0

`Readonly`fingerprint512

fingerprint512: string

The SHA-512 fingerprint of this certificate.

Since

v16.14.0

`Readonly`subject

subject: string

The complete subject of this certificate.

Since

v15.6.0

`Readonly`subjectAltName

subjectAltName: string

The subject alternative name specified for this certificate or undefined if not available.

Since

v15.6.0

`Readonly`infoAccess

infoAccess: string

The information access content of this certificate or undefined if not available.

Since

v15.6.0

`Readonly`keyUsage

keyUsage: string[]

An array detailing the key usages for this certificate.

Since

v15.6.0

`Readonly`issuer

issuer: string

The issuer identification included in this certificate.

Since

v15.6.0

`Optional` `Readonly`issuerCertificate

issuerCertificate?: X509Certificate

The issuer certificate or undefined if the issuer certificate is not available.

Since

v15.9.0

`Readonly`publicKey

publicKey: KeyObject

The public key KeyObject for this certificate.

Since

v15.6.0

`Readonly`raw

raw: Buffer

A Buffer containing the DER encoding of this certificate.

Since

v15.6.0

`Readonly`serialNumber

serialNumber: string

The serial number of this certificate.

Serial numbers are assigned by certificate authorities and do not uniquely identify certificates. Consider using x509.fingerprint256 as a unique identifier instead.

Since

v15.6.0

`Readonly`validFrom

validFrom: string

The date/time from which this certificate is considered valid.

Since

v15.6.0

`Readonly`validTo

validTo: string

The date/time until which this certificate is considered valid.

Since

v15.6.0

Methods

checkEmail

checkEmail(email, options?): string
Checks whether the certificate matches the given email address.

If the 'subject' option is undefined or set to 'default', the certificate subject is only considered if the subject alternative name extension either does not exist or does not contain any email addresses.

If the 'subject' option is set to 'always' and if the subject alternative name extension either does not exist or does not contain a matching email address, the certificate subject is considered.

If the 'subject' option is set to 'never', the certificate subject is never considered, even if the certificate contains no subject alternative names.
Parameters
- email: string
- Optionaloptions: Pick<X509CheckOptions, "subject">
Returns string
Returns email if the certificate matches, undefined if it does not.

Since
v15.6.0
- Defined in node_modules/@types/node/crypto.d.ts:3681

checkHost

checkHost(name, options?): string
Checks whether the certificate matches the given host name.

If the certificate matches the given host name, the matching subject name is returned. The returned name might be an exact match (e.g., foo.example.com) or it might contain wildcards (e.g., *.example.com). Because host name comparisons are case-insensitive, the returned subject name might also differ from the given name in capitalization.

If the 'subject' option is undefined or set to 'default', the certificate subject is only considered if the subject alternative name extension either does not exist or does not contain any DNS names. This behavior is consistent with RFC 2818 ("HTTP Over TLS").

If the 'subject' option is set to 'always' and if the subject alternative name extension either does not exist or does not contain a matching DNS name, the certificate subject is considered.

If the 'subject' option is set to 'never', the certificate subject is never considered, even if the certificate contains no subject alternative names.
Parameters
- name: string
- Optionaloptions: X509CheckOptions
Returns string
Returns a subject name that matches name, or undefined if no subject name matches name.

Since
v15.6.0
- Defined in node_modules/@types/node/crypto.d.ts:3704

checkIP

checkIP(ip): string
Checks whether the certificate matches the given IP address (IPv4 or IPv6).

Only RFC 5280 iPAddress subject alternative names are considered, and they must match the given ip address exactly. Other subject alternative names as well as the subject field of the certificate are ignored.
Parameters
- ip: string
Returns string
Returns ip if the certificate matches, undefined if it does not.

Since
v15.6.0
- Defined in node_modules/@types/node/crypto.d.ts:3714

checkIssued

checkIssued(otherCert): boolean
Checks whether this certificate was issued by the given otherCert.
Parameters
- otherCert: X509Certificate
Returns boolean
Since
v15.6.0
- Defined in node_modules/@types/node/crypto.d.ts:3719

checkPrivateKey

checkPrivateKey(privateKey): boolean
Checks whether the public key for this certificate is consistent with the given private key.
Parameters
- privateKey: KeyObject
  A private key.
Returns boolean
Since
v15.6.0
- Defined in node_modules/@types/node/crypto.d.ts:3726

toJSON

toJSON(): string
There is no standard JSON encoding for X509 certificates. ThetoJSON() method returns a string containing the PEM encoded certificate.

Returns string
Since
v15.6.0
- Defined in node_modules/@types/node/crypto.d.ts:3732

toLegacyObject

toLegacyObject(): PeerCertificate
Returns information about this certificate using the legacy certificate object encoding.

Returns PeerCertificate
Since
v15.6.0
- Defined in node_modules/@types/node/crypto.d.ts:3737

toString

toString(): string
Returns the PEM-encoded certificate.

Returns string
Since
v15.6.0
- Defined in node_modules/@types/node/crypto.d.ts:3742

verify

verify(publicKey): boolean
Verifies that this certificate was signed by the given public key. Does not perform any other validation checks on the certificate.
Parameters
- publicKey: KeyObject
  A public key.
Returns boolean
Since
v15.6.0
- Defined in node_modules/@types/node/crypto.d.ts:3749

Class X509Certificate

Since

Index

Constructors

Properties

Methods

Constructors

constructor

Parameters

Returns X509Certificate

Properties

Readonlyca

Since

Readonlyfingerprint

Since

Readonlyfingerprint256

Since

Readonlyfingerprint512

Since

Readonlysubject

Since

ReadonlysubjectAltName

Since

ReadonlyinfoAccess

Since

ReadonlykeyUsage

Since

Readonlyissuer

Since

Optional ReadonlyissuerCertificate

Since

ReadonlypublicKey

Since

Readonlyraw

Since

ReadonlyserialNumber

Since

ReadonlyvalidFrom

Since

ReadonlyvalidTo

Since

Methods

checkEmail

Parameters

Returns string

Since

checkHost

Parameters

Returns string

Since

checkIP

Parameters

Returns string

Since

checkIssued

Parameters

Returns boolean

Since

checkPrivateKey

Parameters

Returns boolean

Since

toJSON

Returns string

Since

toLegacyObject

Returns PeerCertificate

Since

toString

Returns string

Since

verify

Parameters

Returns boolean

Since

Settings

On This Page

`Readonly`ca

`Readonly`fingerprint

`Readonly`fingerprint256

`Readonly`fingerprint512

`Readonly`subject

`Readonly`subjectAltName

`Readonly`infoAccess

`Readonly`keyUsage

`Readonly`issuer

`Optional` `Readonly`issuerCertificate

`Readonly`publicKey

`Readonly`raw

`Readonly`serialNumber

`Readonly`validFrom

`Readonly`validTo