Setting up SSL with node.js

I bought an SSL certificate at GoDaddy and I'm using the following node.js server to attempt to set it up:

var https = require('https'),      // module for https
    fs =    require('fs');         // required to read certs and keys

var options = {
    key: fs.readFileSync('../../ssl/example.com.key'),
    cert: fs.readFileSync('../../ssl/example.com.crt'),
    ca: fs.readFileSync('../../ssl/gd_bundle.crt'),
    requestCert:        true,
    rejectUnauthorized: false
};

https.createServer(options, function (req, res) {
    if (req.client.authorized) {
        res.writeHead(200, {"Content-Type": "application/json"});
        res.end('{"status":"approved"}');
    } else {
        res.writeHead(401, {"Content-Type": "application/json"});
        res.end('{"status":"denied"}');
    }
}).listen(443);

After running the server, I attempted to visit the website at https://example.com and I just get

{"status":"denied"}

I guess this is working properly since I'm getting a response, but I think my understanding of how SSL works is wrong. I thought the browser gets the certificate from the server, which then authenticates it against root certs, i.e. from GoDaddy. So shouldn't I get

{"status":"approved"}

just by simply visiting https://example.com?

So I guess my question is, how do I visit https://example.com and get {"status":"approved"}?

Thanks!

The reason you are getting denied is because you are trying to authenticate using client certificate authentication. Each end user needs a client certificate signed by your server certificate. How to setup Client Certificates and Certificate Auth with Node.

If you are just attempting to encrypt your web traffic, you don't need the client certificates. Use the example here http://nodejs.org/docs/latest/api/https.html if you just want the traffic encrypted.

This is wrong:

ca: fs.readFileSync('../../ssl/gd_bundle.crt')

ca needs to be an array of strings or buffers containing individual certificates. If you supply a bundle, only the first certificate is used and the rest is ignored.

See also: http://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener
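
The two answers above combined, as an added example that is not code from the original posts: it splits a PEM bundle into the array form described for `ca` and builds the question's options object with the client-certificate request switched on or off. The names `splitPemBundle`, `buildTlsOptions` and `SAMPLE_BUNDLE` are hypothetical, and the sample bundle is constructed, not real certificates.

```javascript
// Constructed sample bundle (CRLF line endings, stray text between blocks).
const SAMPLE_BUNDLE = [
  '# constructed sample, not real certificates',
  '-----BEGIN CERTIFICATE-----',
  'Q09OU1RSVUNURUQtU0FNUExFLTE=',
  '-----END CERTIFICATE-----',
  'issuer comment between blocks',
  '-----BEGIN CERTIFICATE-----',
  'Q09OU1RSVUNURUQtU0FNUExFLTI=',
  '-----END CERTIFICATE-----',
  ''
].join('\r\n');

const CERT_RE = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Return every certificate in the bundle as its own PEM string.
// Text outside the BEGIN/END markers is dropped; a malformed body throws.
function splitPemBundle(bundle) {
  const text = Buffer.isBuffer(bundle) ? bundle.toString('ascii') : String(bundle);
  const certs = (text.match(CERT_RE) || []).map(function (pem) {
    const lines = pem.replace(/\r\n/g, '\n').split('\n')
      .map(function (l) { return l.trim(); })
      .filter(function (l) { return l.length > 0; });
    const body = lines.slice(1, -1).join('');
    if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(body)) {
      throw new Error('malformed certificate body in bundle');
    }
    return lines.join('\n') + '\n';
  });
  if (certs.length === 0) throw new Error('no certificates found in bundle');
  return certs;
}

// Build options for https.createServer(). With clientAuth false the server
// only encrypts traffic and never asks the browser for a certificate.
function buildTlsOptions(key, cert, caBundle, clientAuth) {
  return {
    key: key,
    cert: cert,
    ca: splitPemBundle(caBundle),   // one array entry per certificate
    requestCert: Boolean(clientAuth),
    // false keeps the handshake open so the handler can check
    // req.client.authorized and answer 401, as in the question's code.
    rejectUnauthorized: false
  };
}
```

Current Node.js documentation states that a single `ca` string or Buffer may contain several concatenated PEM certificates, so the split matters mainly on older runtimes.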