From 8d4108a338aa51cff4a1e476ce55397322218cac Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 7 Mar 2014 17:55:21 -0600 Subject: [PATCH] Update README.md --- README.md | 48 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6099808..9e6ec2b 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,50 @@ -node-ssl-root-cas +SSL Root CAs ================= The module you need to solve node's SSL woes when including a custom certificate. + +Let's say you're trying to connect to a site with a cheap-o SSL cert - +such as RapidSSL certificate from [name.com](http://name.com) (the **best** place to get your domains, btw) - +you'll probably get an error like `UNABLE_TO_VERIFY_LEAF_SIGNATURE` and after you google around and figure that +out you'll be able to connect to that site just fine, but now when you try to connect to other sites you get +`CERT_UNTRUSTED` or possibly other errors. + +This module is the solution to your woes! + +Usage +===== + +```javascript +'use strict'; + +var https = require('https') + , cas + ; + +cas = https.globalAgent.options.ca = https.globalAgent.options.ca || []; + +cas = cas.concat(require('ssl-root-cas').getOnce()); +cas.push(fs.readFileSync(path.join(__dirname, 'ssl', '01-cheap-ssl-intermediary-a.pem'))); +cas.push(fs.readFileSync(path.join(__dirname, 'ssl', '02-cheap-ssl-intermediary-b.pem'))); +cas.push(fs.readFileSync(path.join(__dirname, 'ssl', '03-cheap-ssl-site.pem'))); +``` + +BAD IDEAS +=== + +This will turn off SSL validation checking. This is not a good idea. Please do not do it. +(really I'm only providing it as a reference for search engine seo so that people who are trying +to figure out how to avoid doing that will end up here) + +```javascript +process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0" +``` + +Don't use solutions like + +The same dissolution from the terminal would be + +```bash +export NODE_TLS_REJECT_UNAUTHORIZED="0" +node my-service.js +```