Re: [nodejs] [private|local] CA & reverse proxy

Mon, 05 Aug 2013 03:10:18 -0700 

On Mon, Aug 5, 2013 at 5:10 AM, ming <hseum...@gmail.com> wrote:
> Hi,
> Currently i'm running a private (or local) CA.  i use the private CA to sign
> client-side certs.  In addition, the cert of the server that i run my
> node.js program on is also signed by my private CA.
>
> To wit, i've the following:
>
> ---------------------------------------------
> var proxyOptions =
>   {
>     key:  fs.readFileSync('server.key'),
>     cert: fs.readFileSync('server.cert'),
>     ca:   fs.readFileSync('CA.cert'),
>     requestCert: true,
>     ...
>   };
>
> https.createServer
>   (
>     proxyOptions,
>     function(req,res)
>     ...
> ---------------------------------------------
>
> wherein the server.cert is signed by the private CA whose cert is CA.cert.
>
> A quick question: if i replace the server.[key|cert] with key & cert signed
> by some well known root CA (e.g., VeriSign), will that have any impact on
> the existing client-side cert authentication?   My guess is no since the
> client-side certs are signed by the private CA whose cert is still in the
> proxyOptions.   Am i right?
>
> Thanks.

Alas, no.

When you pass a CA certificate/chain with the 'ca' option, node.js
won't load any root certificates, just the certificate/chain that you
specified.

Maybe we should add an option that says 'load this CA _and_ the root
certificates.'  If you open an issue, we'll look into it.

-- 
-- 
Job Board: http://jobs.nodejs.org/
Posting guidelines: 
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nodejs@googlegroups.com
To unsubscribe from this group, send email to
nodejs+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en

--- 
You received this message because you are subscribed to the Google Groups 
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to nodejs+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to