user2131324

Reputation: 21

NodeJS forwarding client SSL certificates

I am working on a Node.js server application which is SSL enabled and accepts client certificates. I am using the following code to create the https server.

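const fs = require('fs');
const https = require('https');

// Server credentials plus the CA used to validate client certificates.
const options = {
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem'),
  ca: fs.readFileSync('ca.pem'),
  requestCert: true,        // ask every client for a certificate
  rejectUnauthorized: true  // refuse clients whose certificate does not validate
};

// `app` is the application's request handler, defined elsewhere.
https.createServer(options, app).listen(8090, function () {
  console.log("Listening on 8090");
});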

Other Node.js based client apps are able to connect using their SSL certificate and get the service response.

However, from my server, I want to make another server call and wish to pass on the same client certificate I received. I simply want to forward the same certificate. I understand I can get the certificate details in request object, but how to retrieve the crt and key from that object?

I am looking to do something like below:

app.get('/myservice', (req, res) => {
    //req.socket.getPeerCertificate(true);
    var agent = new https.Agent({
        cert: somelibrary(req.socket.getPeerCertificate(true).??????),
        key: somelibrary(req.socket.getPeerCertificate(true).??????),
    });
    fetch('http://AnotherServiceURL', { method: 'GET', agent }).then(function (response) {
        res.json(response);
    });

});

Is there any library which can convert request certificate details in a way so as to forward those as key and cert? Or is there any other/better way of doing this?

Upvotes: 0

Views: 1454

Answers (1)

Steffen Ullrich

Reputation: 123531

I understand I can get the certificate details in request object, but how to retrieve the crt and key from that object?

While it would be possible to pass the client certificate itself, it is impossible to use it again as client certificate in another TLS connection to the final target. For this you would need to have access to the private key of the client, which as the name says is private to the client. As for getting the client certificate (i.e. the public part) see Node.js: access the client certificate.

Upvotes: 2
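
Why the received certificate cannot be reused on a second connection, as an added example that is not part of the original answer: a simplified model of TLS client authentication, in which the client proves possession of its private key by signing data unique to each connection. The function names and the nonce-based transcript are assumptions made for illustration; real TLS signs the handshake messages, which likewise differ on every connection.

```javascript
const crypto = require('crypto');

// A party holding a key pair. Only the public half ends up in its certificate.
function makeParty() {
  const { privateKey, publicKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return {
    // What a TLS peer learns from the certificate: public material only.
    certificatePublicKey: publicKey.export({ type: 'spki', format: 'pem' }),
    // Proof of possession: a signature over this connection's transcript.
    prove: (transcript) => crypto.sign('sha256', transcript, privateKey),
  };
}

// Every connection gets fresh random data, so no two transcripts are equal.
function newTranscript(label) {
  return Buffer.concat([Buffer.from(label), crypto.randomBytes(32)]);
}

// The accepting side checks the proof against the key in the certificate.
function verifyProof(certificatePublicKeyPem, transcript, proof) {
  const key = crypto.createPublicKey(certificatePublicKeyPem);
  return crypto.verify('sha256', transcript, key, proof);
}

function demo() {
  const client = makeParty();

  // Connection 1: client -> middle server. The client signs, the proof checks out.
  const t1 = newTranscript('client->middle');
  const proof1 = client.prove(t1);
  const clientToMiddle = verifyProof(client.certificatePublicKey, t1, proof1);

  // Connection 2: middle server -> backend. The middle server holds only the
  // client's certificate and the old proof, which does not match the new transcript.
  const t2 = newTranscript('middle->backend');
  const replayed = verifyProof(client.certificatePublicKey, t2, proof1);

  // Signing with the middle server's own key does not match the client's certificate.
  const middle = makeParty();
  const ownKey = verifyProof(client.certificatePublicKey, t2, middle.prove(t2));

  return { clientToMiddle, replayed, ownKey };
}

console.log(demo()); // { clientToMiddle: true, replayed: false, ownKey: false }
```
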
