Reputation: 4106
Disable SSL Trusted Peer requirement in specific express router
I'm a newbie to NodeJS(Any JS). I'm trying to develop an app which has multiple routers. Here are my router paths.
var app = express();
var apiRouter = express.Router();
var adminRouter = express.Router();
var pageRouter = express.Router();
app.use('/api', apiRouter);
app.use('/admin', adminRouter);
app.use('/', pageRouter);
apiRouter serve the rest api which will consume in mobile apps.
adminRouter serves the admin dash board.
pageRouter serves the end users as a landing page and some highlights of the app.
I have implemented SSL Peer implementation as below.
options = {
key: // Path to key file,
ca: // Path to CA crt file,
cert: // Path to crt file,
requestCert: true,
rejectUnauthorized: true
};
How ever I need to remove SSL trusted peer implementation from pageRouter as end user do not have my certification and key. So how can I disable the SSL trusted peer implementation on pageRouter only?
Upvotes: 0
Views: 505
Answers (1)
Reputation:
You won't know what path a client is making a request for until its TLS session has already been negotiated. By that point, it's too late to reject a connection for lacking a client certificate.
Consider putting the API endpoints which require a client certificate on a separate subdomain, or a different port.
Upvotes: 1
Related Questions
- Enabling HTTPS on express.js
- Disable TLS 1.0 & 1.1 OR only use TLS 1.2 and greater in Node.js Express
- How to disable Tls 1.3 in nodejs request
- Express Gateway disable TLSv1.0
- Force SSL with expressjs 3
- Enabling HTTPS on an express server
- Setting Node Server (https)
- How to set the allowed protocol for a node.js HTTPS server?
- Node.js Prevent to connect with revoked certificate
- Express 3.0 HTTPS