Bearice

Reputation: 215

Where are the default CA certs used in nodejs?

I'm connecting to a server whose cert is signed by my own CA; the CA's cert has been installed into the system's keychain.

Connecting with openssl s_client -connect some.where says Verify return code: 0 (ok)

but I can't connect with nodejs's tls/https module, which fails with Error: SELF_SIGNED_CERT_IN_CHAIN

but connecting to a normal server (i.e. google.com:443) works fine.

It seems that nodejs's openssl is not sharing the same keychain with the system's openssl.

But I can't find where it is. I tried to override with SSL_CERT_DIR but that did not seem to work.

BTW: I can bypass the server verification by setting NODE_TLS_REJECT_UNAUTHORIZED=0, but that's not pretty enough ;)

I'm using OSX 10.8.3 with OpenSSL 0.9.8r, node v0.9.8

Upvotes: 6

Views: 19784

Answers (3)

xmoex

Reputation: 2702

You can make node use the system's OpenSSL certificates. This is done by starting node via:

node --use-openssl-ca

  • See the docs for further information.
  • See this answer on how system certificates are extended for Debian and Ubuntu.

Upvotes: 14

wadey

Reputation: 181

The default root certificates are static and compiled into the node binary.

https://github.com/nodejs/node/blob/v4.2.0/src/node_root_certs.h

Upvotes: 8

Paul Kehrer

Reputation: 14089

If you're using the tls module (and it seems like you are) with tls.connect you can pass a ca param in the options that is an array of strings or buffers of certificates you want to trust.

Upvotes: 4
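
The `ca` option from the answer above, as an added example (not code from the question or from any of the answers). It shows how to trust a private CA without setting NODE_TLS_REJECT_UNAUTHORIZED=0, and it keeps node's compiled-in roots, because a `ca` list replaces the built-in store instead of extending it. The function names and the CA file path are hypothetical; `tls.rootCertificates` needs a much newer node than the v0.9.8 in the question.

```javascript
'use strict';
const fs = require('node:fs');
const tls = require('node:tls');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Split a PEM bundle (e.g. root plus intermediates, concatenated) into one
// string per certificate, ignoring any text between the blocks.
function splitPemBundle(pemText) {
  return String(pemText).match(PEM_CERT) || [];
}

// Build the value for the `ca` option. An explicit `ca` list replaces node's
// built-in roots, so they are re-added unless the caller wants to trust
// only the private CA (keepDefaultRoots: false).
function buildTrustList(privateCaPem, { keepDefaultRoots = true } = {}) {
  const extra = splitPemBundle(privateCaPem);
  if (extra.length === 0) {
    // Fail loudly instead of silently connecting with the default roots only.
    throw new Error('no PEM certificate found in the supplied CA bundle');
  }
  return keepDefaultRoots ? [...tls.rootCertificates, ...extra] : extra;
}

// Options for tls.connect / https.request with chain verification left on.
function connectOptions(host, port, privateCaPem, trustOpts) {
  return {
    host,
    port,
    ca: buildTrustList(privateCaPem, trustOpts),
    rejectUnauthorized: true,
  };
}

// caPath is a hypothetical path to the PEM export of your own CA certificate.
function connectWithPrivateCa(host, port, caPath, onSecure) {
  const pem = fs.readFileSync(caPath, 'utf8');
  const socket = tls.connect(connectOptions(host, port, pem), () => onSecure(socket));
  return socket;
}

// Example call (host from the question, path is a placeholder):
// connectWithPrivateCa('some.where', 443, '/path/to/my-ca.pem', (s) => {
//   console.log('authorized:', s.authorized);
// });
```

Passing `{ keepDefaultRoots: false }` restricts the connection to chains that end at the private CA, which is the tighter choice when the client only ever talks to that one server.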
