coolaj86
/
ssl-root-cas.js
1
0
Fork 0
Code Issues 7 Pull Requests Releases Activity
The module you need to solve node's SSL woes when including a custom certificate.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21 Commits
1 Branch
24 Tags
1.4 MiB
 
Tree: 07ddece429
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '07ddece429'
${ noResults }
AJ ONeal 07ddece429
add addFile() method 		10 years ago
pems added certs as individual files 10 years ago
.gitignore Initial commit 10 years ago
AUTHORS created module. yay. 10 years ago
LICENSE Initial commit 10 years ago
README.md add addFile() method 10 years ago
ca-store-generator.js add addFile() method 10 years ago
package.json add addFile() method 10 years ago
ssl-root-cas.js don't re-add if array is tagged with __injected 10 years ago

README.md

SSL Root CAs

The module you need to solve node's SSL woes when including a custom certificate.

Let's say you're trying to connect to a site with a cheap-o SSL cert - such as RapidSSL certificate from name.com (the best place to get your domains, btw) - you'll probably get an error like UNABLE_TO_VERIFY_LEAF_SIGNATURE and after you google around and figure that out you'll be able to connect to that site just fine, but now when you try to connect to other sites you get CERT_UNTRUSTED or possibly other errors.

This module is the solution to your woes!

FYI, I'm merely the publisher, not the author of this module. See here: https://groups.google.com/d/msg/nodejs/AjkHSYmiGYs/1LfNHbMhd48J

Usage

'use strict';
 
// This will add the well-known CAs
// to `https.globalAgent.options.ca`
require('ssl-root-cas/latest')
  .inject()
  .addFile(__dirname + '/ssl/01-cheap-ssl-intermediary-a.pem')
  .addFile(__dirname + '/ssl/02-cheap-ssl-intermediary-b.pem')
  .addFile(__dirname + '/ssl/03-cheap-ssl-site.pem')
  ;

For the sake of version consistency this package ships with the CA certs that were available at the time it was published, but for the sake of security I recommend you use the latest ones.

If you want the latest certificates (downloaded as part of the postinstall process), you can require those like so:

require('ssl-root-cas/latest').inject();

You can use the ones that shippped with package like so:

require('ssl-root-cas').inject();

API

inject()

I thought it might be rude to modify https.globalAgent.options.ca on require, so I afford you the opportunity to inject() the certs at your leisure.

inject() keeps track of whether or not it's been run, so no worries about calling it twice.

addFile(filepath)

This is just a convenience method so that you don't have to require fs and path if you don't need them.

require('ssl-root-cas/latest')
  .addFile(__dirname + '/ssl/03-cheap-ssl-site.pem')
  ;

is the same as

var https = require('https')
  , cas
  ;
 
cas = https.globalAgent.options.ca || [];
cas.push(fs.readFileSync(path.join(__dirname, 'ssl', '03-cheap-ssl-site.pem')));

rootCas

If for some reason you just want to look at the array of Root CAs without actually injecting them, or you just prefer to https.globalAgent.options.ca = require('ssl-root-cas').rootCas; yourself, well, you can.

BAD IDEAS

Don't use dissolutions such as these. :-)

This will turn off SSL validation checking. This is not a good idea. Please do not do it. (really I'm only providing it as a reference for search engine seo so that people who are trying to figure out how to avoid doing that will end up here)

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"

The same dissolution from the terminal would be

export NODE_TLS_REJECT_UNAUTHORIZED="0"
node my-service.js