WebCrypto GOST: Generate new X.509 CA self-signed certificate

Self-Signed Certificate parameters

Algorithm parameters for selected provider Country name State or Province name Organization name Organization unit name Title Common name The number of days to certify a certificate CA Certificate & Private Key contents

Generate CA method

// Create CA certificate with parameters from this page
var cert = new gostCrypto.cert.X509({
    subject: {
        countryName: countryName.value,
        stateOrProvinceName: stateOrProvinceName.value,
        organizationName: organizationName.value,
        organizationalUnitName: organizationalUnitName.value,
        title: title.value,
        commonName: commonName.value
    },
    extensions: {
        keyUsage: ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 
            'dataEncipherment', 'keyAgreement', 'keyCertSign', 'cRLSign'],
        extKeyUsage: ['serverAuth', 'clientAuth', 'codeSigning', 'emailProtection']
    },
    days: parseInt(days.value || '365')
});

// Generate key pair for certificate
cert.generate(provider.value).then(function(key) {

    // Output ready private key
    certificate.textContent = key.encode('PEM');

    // Sign certificate
    return cert.sign(key);
}).then(function() {

    // Output ready certificate
    certificate.textContent = cert.encode('PEM') + '\r\n\r\n' + certificate.textContent;

    // Verify certificate
    return cert.verify();
}).catch(function(reason) {
    alert(reason.message);
});