4

I need to allow users to log into my React website using their DoD-issued Common Access Card. I am using an Express API as an authentication server. I've got the server configured to require a client cert:

    const fs = require('fs');
    const https = require('https');

    const options = {
      key: fs.readFileSync(config.ssl.keyPath),
      cert: fs.readFileSync(config.ssl.certPath),
      ca: [fs.readFileSync(config.ssl.caPath)],   // CA bundle the client cert must chain to (the DoD CAs)
      requestCert: true,                          // ask the browser for a client certificate
      rejectUnauthorized: false,                  // handshake completes even without a valid cert,
                                                  // so routes must check req.client.authorized themselves
    };

    https.createServer(options, expressApp).listen(port);

How do I get my react app to request/load/read the certificate from the CAC?

JeffW
  • Looks like the answer can be found in this article: https://medium.com/@sevcsik/authentication-using-https-client-certificates-3c9d270e8326 – imjosh Sep 20 '19 at 20:56
  • Make sure you have the relevant DoD CAs in your ssl.caPath, or the browser may not prompt the user to choose a certificate/enter their PIN. – imjosh Sep 20 '19 at 20:57
  • @imjosh I have the relevant CA PEM files within the directory. For example, I can call `openssl verify -CAfile allCrts.pem myclient.pem`, which returns OK. Is this correct? Do I just need to acquire a server cert and key now? – Casey Jun 12 '20 at 20:12
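The React app never reads the CAC itself: the browser selects the certificate and proves possession of its key during the TLS handshake, so the identity arrives server-side. Because the server above uses `rejectUnauthorized: false`, the handshake also succeeds for clients that present no certificate or an untrusted one, and each protected route has to check the result. The middleware below is an added example, not code from the question or the answer; the `requireClientCert`/`cacIdentity` names, the `mockReq`/`mockRes` stand-ins for a TLS socket, and the sample CN are all constructed for illustration.

```javascript
// Added example: enforce the client-certificate check that `rejectUnauthorized: false`
// leaves to application code. `req.client` is the TLSSocket behind an https request;
// `authorized` is true only when the peer cert chained to the configured `ca`, and
// `authorizationError` carries Node's reason string when it did not.

// Returns the identity from a verified peer certificate, or null if the request must
// be rejected. When no certificate was presented, getPeerCertificate() returns {}.
function cacIdentity(req) {
  const tls = req.client || req.socket;
  if (!tls || !tls.authorized) return null;            // missing, expired, or untrusted cert
  const cert = tls.getPeerCertificate();
  if (!cert || !cert.subject || !cert.subject.CN) return null;
  return { cn: cert.subject.CN, issuer: cert.issuer ? cert.issuer.CN : null };
}

// Express-style middleware: attach the verified identity or answer 401 with the TLS reason.
function requireClientCert(req, res, next) {
  const id = cacIdentity(req);
  if (!id) {
    const reason = (req.client && req.client.authorizationError) || 'NO_CLIENT_CERT';
    res.status(401).json({ error: 'client certificate required', reason });
    return;
  }
  req.user = id;
  next();
}

// Constructed stand-ins for a TLS socket and an Express response, so the middleware
// can be exercised without a real server, CA bundle, or CAC reader.
function mockReq(authorized, subjectCN, authorizationError) {
  return {
    client: {
      authorized,
      authorizationError,
      getPeerCertificate: () =>
        subjectCN ? { subject: { CN: subjectCN }, issuer: { CN: 'CONSTRUCTED TEST CA' } } : {},
    },
  };
}

function mockRes() {
  const res = { statusCode: 200, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (body) => { res.body = body; return res; };
  return res;
}

// Run the middleware against one request and report whether it reached the route.
function runMiddleware(req) {
  const res = mockRes();
  let passed = false;
  requireClientCert(req, res, () => { passed = true; });
  return { passed, status: res.statusCode, body: res.body, user: req.user || null };
}
```

Mount it with `expressApp.use('/api', requireClientCert)` so that only requests whose certificate chained to the bundle in `ssl.caPath` reach the routes behind it.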

1 Answer

0

You will need to create a .PFX cert and import it into the browser's certificate store. The certificate generated should be signed by the CA used to start your Express server. The certificate imported into your browser should also be enabled for "Client Authentication".

Chris