Reputation: 801
I'm creating a service in node to verify the statuses of all the certificates for all the domains our company depends upon. Initially we're just concerned with the expiration dates, but may need more information later. I can retrieve the appropriate details for the lowest-level cert via
var https = require('https');
var options = {
    host: 'google.com',
    port: 443,
    method: 'GET'
};
const request = https.request(options, function(res) {
    console.log(res.connection.getPeerCertificate());
});
request.end();
but I'm looking to get the detailed information for every cert in the certificate chain. How is this possible in nodejs?
i.e. For google.com, I'd like to get full detailed information for each of
Google Trust Services - GlobalSign CA-R2 -> GTS CA 101 -> www.google.com
I imagine I can recursively make calls to each cert's issuer but not quite sure how or if it's possible.
Upvotes: 2
Views: 3574
Reputation: 707148
Per the doc, if you pass true like this:
res.connection.getPeerCertificate(true)
then you will get details about the whole chain. When the full certificate chain is requested, each certificate will include an issuerCertificate property containing an object representing its issuer's certificate, and you can follow the chain using it. Here's an example:
var https = require('https');
var options = {
    host: 'google.com',
    port: 443,
    method: 'GET'
};
const request = https.request(options, function(res) {
    // true = include the full chain via the issuerCertificate property
    let cert = res.connection.getPeerCertificate(true);
    // certificates already visited, used to detect the circular reference at the root
    let list = new Set();
    do {
        list.add(cert);
        console.log("subject", cert.subject);
        console.log("issuer", cert.issuer);
        console.log("valid_from", cert.valid_from);
        console.log("valid_to", cert.valid_to);
        cert = cert.issuerCertificate;
    } while (cert && typeof cert === "object" && !list.has(cert));
    res.on('data', data => {
        //console.log(data.toString('utf8'));
    });
});
request.end();
The doc does not explain how you know when you're at the end of the chain (I would have thought it would be denoted by a null issuer, but console.log() reported a circular reference), so I added a Set to keep track of the certificates we'd seen so far in order to detect when the chain became circular and know when to stop following it.
Upvotes: 9