nanquim

Reputation: 1924

Valid CA certificates

I'm following this tutorial and the app works, but only the certificates I created with my server key work.

I understand that I need to pass the ca option with the certificates my server accepts, but I don't know how to specify what I need.

I would like to accept certificates from other CAs, not only the ones signed with my server key.

"The peer's certificate must be chainable to a CA trusted by the server for the connection to be authenticated. When using certificates that are not chainable to a well-known CA, the certificate's CA must be explicitly specified as trusted or the connection will fail to authenticate."



    const fs = require('fs');

    const opts = {
        key: fs.readFileSync('server_key.pem'),       // server's private key
        cert: fs.readFileSync('server_cert.pem'),     // server's certificate
        requestCert: true,                            // ask the client for a certificate
        rejectUnauthorized: false,                    // do not drop unverified clients during the handshake
        ca: [ fs.readFileSync('server_cert.pem') ],   // CAs the server trusts for client certificates
    }

How can I do this?

Upvotes: 0

Views: 350

Answers (1)

Eddie D

Reputation: 1120

It depends on how you're validating, but at the very least you would need to have a .CER copy of the other CA certs installed in your machine's certificate store in the Trusted Root Certification Authorities folder. After that it'd all fall down to validation. Some validation methods automatically query your machine's cert store for the certificate. Or you can program it to pull the CA from your certificate store and construct the chain yourself.

The .CER version of the certificate refers to the public copy that does not contain the private keys used for signing a certificate. This cert can validate other certificates that were issued by it, but it cannot sign a certificate.

If you're on a Windows machine, you can access your certificate store through the Microsoft Management Console. Open a cmd prompt and type MMC. Go to File > Add or Remove Snap-in > Certificates and select Add. This will prompt you for the specific certificate store you want. If you click the drop-down, you'll see additional folders. This will show all trusted certificate authorities in the given store. You will need to add copies of the other CA signing certs here.

Upvotes: 1
