On Mon, Aug 5, 2013 at 5:10 AM, ming <hseum...@gmail.com> wrote: > Hi, > Currently i'm running a private (or local) CA. i use the private CA to sign > client-side certs. In addition, the cert of the server that i run my > node.js program on is also signed by my private CA. > > To wit, i've the following: > > --------------------------------------------- > var proxyOptions = > { > key: fs.readFileSync('server.key'), > cert: fs.readFileSync('server.cert'), > ca: fs.readFileSync('CA.cert'), > requestCert: true, > ... > }; > > https.createServer > ( > proxyOptions, > function(req,res) > ... > --------------------------------------------- > > wherein the server.cert is signed by the private CA whose cert is CA.cert. > > A quick question: if i replace the server.[key|cert] with key & cert signed > by some well known root CA (e.g., VeriSign), will that have any impact on > the existing client-side cert authentication? My guess is no since the > client-side certs are signed by the private CA whose cert is still in the > proxyOptions. Am i right? > > Thanks.
Alas, no. When you pass a CA certificate/chain with the 'ca' option, node.js won't load any root certificates, just the certificate/chain that you specified. Maybe we should add an option that says 'load this CA _and_ the root certificates.' If you open an issue, we'll look into it. -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to nodejs@googlegroups.com To unsubscribe from this group, send email to nodejs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.