
Client ssl authorization on node.js

I'm trying to make client authorization with self-signed certificates.

First, I'm creating certificates:

CA certificate

openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Server certificate

openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365

Client certificate

openssl genrsa -out client.key 1024
openssl req -new -key client.key -out client.csr
openssl x509 -req -in client.csr -out client.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365

Convert client certificate to p12

openssl pkcs12 -export -in client.crt -inkey client.key -name "My cert" -out client.p12

Open and install p12 certificate

open client.p12

My node.js server (using express.js)

var express = require('express')
    , routes = require('./routes')
    , user = require('./routes/user')
    , http = require('http')
    , path = require('path')
    , https = require('https')
    , fs = require('fs');

var app = express();

app.configure(function () {
    app.set('port', process.env.PORT || 3000);
    app.set('views', __dirname + '/views');
    app.set('view engine', 'ejs');
    app.use(express.favicon());
    app.use(express.logger('dev'));
    app.use(express.bodyParser());
    app.use(express.methodOverride());
    app.use(app.router);
    app.use(express.static(path.join(__dirname, 'public')));
});

app.configure('development', function () {
    app.use(express.errorHandler());
});

app.get('/', function(req, res) {
    console.log(req.client.authorized);
    res.send(req.client.authorized)
});

var options = {
    key: fs.readFileSync('ssl/server.key'),
    cert: fs.readFileSync('ssl/server.crt'),
    ca: [fs.readFileSync('ssl/ca.crt')],   // CA used to verify client certificates
    requestCert: true,                     // ask the client for a certificate
    rejectUnauthorized: false,             // keep the connection even if verification fails
    passphrase: 'passphrase',
    agent: false
};

https.createServer(options, app).listen(app.get('port'), function () {
    console.log("Express server listening on port " + app.get('port'));
});

When the server is running, I open https://localhost:3000 in Chrome, but authentication does not pass: req.client.authorized is false.

Chrome message is

The identity of this website has not been verified.
 • Server's certificate does not match the URL.

Where is my mistake?

Ashot asked Jan 17 '13 16:01



2 Answers

Server URL is matched against the Common Name part of the server certificate.

When you create the server certificate request, remember to put the host name of your server in the Common Name part. If you are just testing locally (using https://localhost as an address), use localhost as the Common Name.

Jukka answered Oct 21 '22 23:10


With HTTPS support, use request.connection.verifyPeer() and request.connection.getPeerCertificate() to obtain the client's authentication details.

http://nodejs.org/api/http.html#http_request_connection

sWORDs answered Oct 21 '22 22:10
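
An added example (not code from the question or from either answer): Express-style middleware that makes the accept/deny decision per request when the server runs with requestCert: true and rejectUnauthorized: false, as in the question. The function names, the req.clientCN property and the stub sockets are constructed for illustration; authorized, authorizationError and getPeerCertificate() are members of Node's TLS socket.

```javascript
// Added example. Assumes an HTTPS server created with requestCert: true and
// rejectUnauthorized: false, so the handshake succeeds even for bad client
// certificates and the application must make the decision itself.

// Summarize the TLS layer's verdict for one connection.
function clientCertStatus(socket) {
    var cert = socket.getPeerCertificate();
    // Node returns an empty object when the client sent no certificate.
    var presented = !!cert && Object.keys(cert).length > 0;
    if (!presented) {
        return { ok: false, reason: 'no client certificate presented', cn: null };
    }
    var cn = cert.subject ? cert.subject.CN : null;
    if (!socket.authorized) {
        // authorizationError carries the verification failure, e.g. the
        // chain did not lead to a CA listed in the server's `ca` option.
        return { ok: false, reason: String(socket.authorizationError), cn: cn };
    }
    return { ok: true, reason: null, cn: cn };
}

// Express-style middleware: deny unless the certificate verified.
function requireClientCert(req, res, next) {
    var status = clientCertStatus(req.socket || req.connection);
    if (!status.ok) {
        console.warn('client cert rejected: ' + status.reason);
        res.statusCode = 401;
        return res.end('client certificate required');
    }
    req.clientCN = status.cn; // hypothetical property for later handlers
    next();
}

// Constructed stub sockets standing in for real TLS connections.
function stubSocket(authorized, error, cert) {
    return {
        authorized: authorized,
        authorizationError: error,
        getPeerCertificate: function () { return cert; }
    };
}
var sampleSockets = {
    none: stubSocket(false, null, {}),
    untrusted: stubSocket(false, 'DEPTH_ZERO_SELF_SIGNED_CERT', { subject: { CN: 'alice' } }),
    trusted: stubSocket(true, null, { subject: { CN: 'alice' } })
};
```

Mounted with app.use(requireClientCert) ahead of the protected routes, the logged reason shows why a certificate was refused instead of a bare false.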