Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Where is node's certificate store?

Tags:

node.js

macos

ssl

ssl-certificate

I am making an https request (using the request module) to a server with a self-signed cert. It throws an error if I don't specify strictSSL: false as an option.

This cert is already trusted on my OS (OSX), such that Chrome doesn't throw an error while accessing a webpage from that server.

I understand different applications/environments may have their own certificate stores. Firefox has its own, and the JVM, for example, is usually at $JAVA_HOME/jre/lib/security/cacerts (on OSX).

My question is, where does node look for its trusted CA's? Is there such a concept? I'd like to add my self-signed cert there for development purposes.

like image 279
badunk Avatar asked Jan 08 '14 19:01

badunk

People also ask

Where is my digital certificate stored?

This certificate store is located in the registry under the HKEY_LOCAL_MACHINE root. This type of certificate store is local to a user account on the computer. This certificate store is located in the registry under the HKEY_CURRENT_USER root.

Where is encryption certificate stored?

Security certificates are used for a range of purposes. Among these include identity verification, file encryption, Web authentication, email security and software signature checking. Every certificate on your business computer is stored in a centralized location called the Certificate Manager.

Where is the server certificate stored?

When you add Certificate Services on a Windows server and configure a CA, a certificate database is created. By default, the database is contained in the %SystemRoot%\System32\Certlog folder, and the name is based on the CA name with an . edb extension.

Where is Internet Explorer certificate store?

Open Internet Explorer. From the Tools menu, choose Internet Options. In the Internet Options dialog box, click the Content tab and then the Certificates button to display the Certificates dialog box.

2 Answers

It seems that while there is no store, but there is a default list of CA's built into the source.

My search ultimately led me to the closest thing to a store, this file of CA's that node.js supports:

https://github.com/joyent/node/blob/master/src/node_root_certs.h

Thus, while it is true that it doesn't do a lookup on the system hosted CA's and that there is no "store" per se, there is a default list of CA's that it accepts.

As mentioned by @Joe and @damphat, you can add your own with the Agent.options.ca property, unfortunately that workaround isn't practical in my case.

like image 53
badunk Avatar answered Oct 11 '22 01:10

badunk

There is not a store. You can pass a ca option to the https request to tell it what CAs you do trust.

From the docs:

The following options from tls.connect() can also be specified. However, a globalAgent silently ignores these.

  • ca: An authority certificate or array of authority certificates to check the remote host against.

In order to specify these options, use a custom Agent. 

var options = {
  ...
  ca: CA or [array of CAs]
  ...
};

options.agent = new https.Agent(options);

var req = https.request(options, function(res) {

Ref: http://nodejs.org/api/https.html#https_https_request_options_callback

like image 23
Joe Avatar answered Oct 11 '22 01:10

Joe
Sign in to Comment

Related questions

know the position of the finger in the trackpad under Mac OS X
Make my Cocoa app respond to the keyboard play/pause key?
Move a file to a new folder, keeping Git history
In Textmate2, how do you disable the header-styles in Markdown documents?
How to fix "No manual entry for gcc"?
Which characters are allowed in a bash alias [closed]
Problems with "Matplotlib is building the font cache using fc-list. This may take a moment." on MacoS
External GPU for machine learning [closed]
Where is the default tesseract installation folder on a mac?
MacOS Chrome horizontal scrollbar not disappearing
cron jobs under mac os 10.6 snow leopard
add a start up item via command line (mac)
Where can I get resources for developing for Mac OS Classic? [closed]
What is a 10.6-compatible means of recording video frames to a movie without using the QuickTime API?
Prevent 'not allowed' beep after keystroke in NSView
Dir() function not working in Mac Excel 2011 VBA
Directing Sublime Text 2 Packages to the correct python installation
C - Undefined symbols for architecture x86_64 when compiling on Mac OSX Lion
Break line in terminal PS1 fix
How do I use the current folder name without a path as a variable in automator in Mac?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!