3

I'm testing Node.JS and TLS and are creating a simple server and client. This seems to work fine:

server.js:

const tls = require('tls');
const fs = require('fs');

const options = {
  key: fs.readFileSync('./server-certs/server.key'),
  cert: fs.readFileSync('./server-certs/server.crt'),
  rejectUnauthorized: false,
  requestCert: true
};

const server = tls.createServer(options, (socket) => {
  console.log('server connected',
              socket.authorized ? 'authorized' : 'unauthorized');

  console.log(socket.getPeerCertificate(true).raw);

  socket.write('welcome!\n');
  socket.setEncoding('utf8');
  socket.pipe(socket);
});
server.listen(8000, () => {
  console.log('server bound');
});

client.js:

const tls = require('tls');
const fs = require('fs');

const options = {
  key: fs.readFileSync('./client-certs/client.key'),
  cert: fs.readFileSync('./client-certs/client.crt')
};

const socket = tls.connect(8000, options, () => {
  console.log('client connected',
              socket.authorized ? 'authorized' : 'unauthorized');
  process.stdin.pipe(socket);
  process.stdin.resume();
});
socket.setEncoding('utf8');
socket.on('data', (data) => {
  console.log(data);
});
socket.on('end', () => {
  console.log('server ends connection');
});

With the server.js I print out the client cert:

console.log(socket.getPeerCertificate(true).raw);

But doing cat client.crt on Linux I have the following long string:

-----BEGIN CERTIFICATE-----
MIICsDCCAZgCCQC8miOEYnXCXDANBgkqhkiG9w0BAQsFADAaMQswCQYDVQQGEwJV
...
MHBcIlA2R3ssgfhlcSJcaR59LKA=
-----END CERTIFICATE-----

Is it possible for the server.js to get that string from the client certificate?

Alfred Balle
  • 1,135
  • 4
  • 16
  • 32

1 Answers1

3
console.log(socket.getPeerCertificate(true).raw);

This returns the certificate in DER format. What you see in client.crt is the certificate in PEM format - which is basically base64 of the binary DER format with some header and footer line added. You could convert the PEM to DER using openssl x509 -in client.crt -outform der. Or you could convert the DER formatted certificate to PEM in nodejs as suggested in NodeJS: Validate certificate in DER format.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • `var prefix = '-----BEGIN CERTIFICATE-----\n'; var postfix = '-----END CERTIFICATE-----'; var pemText = prefix + socket.getPeerCertificate(true).raw.toString('base64').match(/.{0,64}/g).join('\n') + postfix;` seems to work, thank you. – Alfred Balle Nov 30 '18 at 11:19