Context Navigation

← Previous Revision
Next Revision →
Normal
Revision Log

source: node_modules/undici/docs/best-practices/client-certificate.md

main

Last change on this file was d24f17c, checked in by Aleksandar Panovski <apano77@…>, 15 months ago
Initial commit
Property mode set to `100644`
File size: 2.0 KB

Rev	Line
[d24f17c]	1	# Client certificate
	2
	3	Client certificate authentication can be configured with the `Client`, the required options are passed along through the `connect` option.
	4
	5	The client certificates must be signed by a trusted CA. The Node.js default is to trust the well-known CAs curated by Mozilla.
	6
	7	Setting the server option `requestCert: true` tells the server to request the client certificate.
	8
	9	The server option `rejectUnauthorized: false` allows us to handle any invalid certificate errors in client code. The `authorized` property on the socket of the incoming request will show if the client certificate was valid. The `authorizationError` property will give the reason if the certificate was not valid.
	10
	11	### Client Certificate Authentication
	12
	13	```js
	14	const { readFileSync } = require('fs')
	15	const { join } = require('path')
	16	const { createServer } = require('https')
	17	const { Client } = require('undici')
	18
	19	const serverOptions = {
	20	ca: [
	21	readFileSync(join(__dirname, 'client-ca-crt.pem'), 'utf8')
	22	],
	23	key: readFileSync(join(__dirname, 'server-key.pem'), 'utf8'),
	24	cert: readFileSync(join(__dirname, 'server-crt.pem'), 'utf8'),
	25	requestCert: true,
	26	rejectUnauthorized: false
	27	}
	28
	29	const server = createServer(serverOptions, (req, res) => {
	30	// true if client cert is valid
	31	if(req.client.authorized === true) {
	32	console.log('valid')
	33	} else {
	34	console.error(req.client.authorizationError)
	35	}
	36	res.end()
	37	})
	38
	39	server.listen(0, function () {
	40	const tls = {
	41	ca: [
	42	readFileSync(join(__dirname, 'server-ca-crt.pem'), 'utf8')
	43	],
	44	key: readFileSync(join(__dirname, 'client-key.pem'), 'utf8'),
	45	cert: readFileSync(join(__dirname, 'client-crt.pem'), 'utf8'),
	46	rejectUnauthorized: false,
	47	servername: 'agent1'
	48	}
	49	const client = new Client(`https://localhost:${server.address().port}`, {
	50	connect: tls
	51	})
	52
	53	client.request({
	54	path: '/',
	55	method: 'GET'
	56	}, (err, { body }) => {
	57	body.on('data', (buf) => {})
	58	body.on('end', () => {
	59	client.close()
	60	server.close()
	61	})
	62	})
	63	})
	64	```

Note: See TracBrowser for help on using the repository browser.

Download in other formats: