Who do I get https.request() to trust my internally-signed server certificate. Here is a quick example of the code I'm running in v0.10.25:
var options = {
hostname: 'encrypted.mydomain.local',
port: 443,
path: '/',
method: 'GET'
};
var https = require('https')
https.request(options)
I'm running this on a Windows system which has my internal root CA trusted at the system level, but whenever I make a request like this I get the exception
events.js:72
throw er; // Unhandled 'error' event
^
Error: CERT_UNTRUSTED
at SecurePair.<anonymous> (tls.js:1370:32)
at SecurePair.EventEmitter.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:982:10)
at CleartextStream.read [as _read] (tls.js:469:13)
at CleartextStream.Readable.read (_stream_readable.js:320:10)
at EncryptedStream.write [as _write] (tls.js:366:25)
at doWrite (_stream_writable.js:223:10)
at writeOrBuffer (_stream_writable.js:213:5)
at EncryptedStream.Writable.write (_stream_writable.js:180:11)
at write (_stream_readable.js:583:24)
For a little more detail, this is all happening inside of the node-atlassian-crowd module I'm attempting to use for authentication
You need to add a ca: cafile.pem
line to your options. See http://nodejs.org/api/https.html#https_https_request_options_callback for more details.
The relevant portion:
The following options from tls.connect() can also be specified. However, a globalAgent silently ignores these.
pfx: Certificate, Private key and CA certificates to use for SSL. Default null.
key: Private key to use for SSL. Default null.
passphrase: A string of passphrase for the private key or pfx. Default null.
cert: Public x509 certificate to use. Default null.
ca: An authority certificate or array of authority certificates to check the remote host against.
During application startup, read in the CA's certificate file with something like var casigningcert = fs.readFileSync('keys/ca-certsigning-cert.pem')
and then consume it later in your options, which should then look something like:
var options = {
hostname: 'encrypted.mydomain.local',
port: 443,
path: '/',
method: 'GET',
ca: casigningcert
};
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With