Client ssl authorization on node.js

Question

I`m trying to make client authorization with self-signed .

First, i`m creating certificates:

CA certificate

openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Server certificate

openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365

Client sertificate

openssl genrsa -out client.key 1024
openssl req -new -key client.key -out client.csr
openssl x509 -req -in client.csr -out client.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365

Convert client certificate to p12

openssl pkcs12 -export -in client.crt -inkey client.key -name "My cert" -out client.p12

Open and install p12 certificate open client.p12

My node.js server (using express.js)

var express = require('express')
    , routes = require('./routes')
    , user = require('./routes/user')
    , http = require('http')
    , path = require('path')
    , https = require('https')
    , fs = require('fs');

var app = express();

app.configure(function () {
    app.set('port', process.env.PORT || 3000);
    app.set('views', __dirname + '/views');
    app.set('view engine', 'ejs');
    app.use(express.favicon());
    app.use(express.logger('dev'));
    app.use(express.bodyParser());
    app.use(express.methodOverride());
    app.use(app.router);
    app.use(express.static(path.join(__dirname, 'public')));
});

app.configure('development', function () {
    app.use(express.errorHandler());
});

app.get('/', function(req, res) {
    console.log(req.client.authorized);
    res.send(req.client.authorized)
});

var options = {
    key:fs.readFileSync('ssl/server.key'),
    cert:fs.readFileSync('ssl/server.crt'),
    ca:[fs.readFileSync('ssl/ca.crt')],
    requestCert:true,
    rejectUnauthorized:false,
    passphrase: 'passphrase',
    agent: false
    };

    https.createServer(options,app).listen(app.get('port'), function () {
        console.log("Express server listening on port " + app.get('port'));
    });

When servers is running, i open https://localhost:3000 in Chrome, but authentication do not pass: req.client.authorized is false

Chrome message is

The identity of this website has not been verified.
 • Server's certificate does not match the URL.

Where is my mistake?

Answer 1

Server URL is matched against the Common Name part of the server certificate.

When you create the server certificate request, remember to put the host name of your server to the Common Name part. If you are just testing locally (using https://localhost as an address) use localhost as Common Name.

Answer 2

With HTTPS support, use request.connection.verifyPeer() and request.connection.getPeerCertificate() to obtain the client's authentication details.

http://nodejs.org/api/http.html#http_request_connection