Hey, I'm working with an involved implementation of the TLS protocol, with two different ports, both requiring client certs.

Port n: *Control* channel. Connections are only accepted from known client certificates.

Port n+1: *Pairing* channel. Any certificate can connect. A final challenge confirmation step adds the client's certificate to the whitelist for port n.
The challenge uses the *modulus and exponent* of *both peers'* certificates. In Node I easily got these details for the remote end using conn.getPeerCertificate(). Why isn't there a conn.getLocalCertificate() as well? The cert info has to be used by TLS in some way anyway.

My workarounds for getting the local cert details are:

1. Shell out to openssl and parse its output
2. Require the user to put the exponent/modulus from openssl output into a config file
3. Connect to myself on startup and take note of getPeerCertificate() - *requires a local server*, even for clients
4. Deploy a getPeerCertificate() service on EC2
5. Parse the .crt file myself (didn't find an NPM package capable of doing it)

None of these are ideal, but I ended up going with *#3* because it was a quick hack without mess. Still a hack. Is there an actual way to get the local cert?

Thanks in advance,
Dan

To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/d45b12ab-0bfa-4509-a15e-8ac57b7c425c%40googlegroups.com.