Recently I’ve been trying to make a basic TLS server and client to maybe put on a Raspberry Pi. I found an example on GitHub and I modified it so it’s up to date. My issue is that Node.js keeps saying "unable to verify the first certificate" even though I generated a new one.
Note: the certificates and keys are self-signed.
Here is my code. I have not the slightest clue as to why it’s failing, because when I set ServerOptions as the client options, it just logs "Unsecure connection".
Server.js
```javascript
'use strict';
const tls = require('tls');
const fs = require('fs');
const util = require('util');
const events = require('events');
const port = 4170;
const ServerOptions = {
  key: fs.readFileSync('agent1-key.pem'),
  cert: fs.readFileSync('agent1-cert.pem'),
  ca: fs.readFileSync('root-cert.pem'), // authority chain for the clients
  requestCert: true,
  rejectUnauthorized: false
};
var server = tls.createServer(ServerOptions, (socket) => {
  socket.write('welcome!\n');
  socket.setEncoding('utf8');
  socket.pipe(socket);
})
  .on('connection', function(c) {
    console.log('Unsecure connection');
  })
  .on('secureConnect', function (c) {
    // c.authorized will be true if the client cert presented validates with our CA
    console.log('secure connection\n client authorization Status:', c);
  })
  .listen(port, function() {
    console.log('server listening on port' + port + '\n');
  });
```
Client.js
```javascript
const tls = require('tls');
const fs = require('fs');
const util = require('util');
const events = require('events');
const port = 4170;
const ClientOptions = {
  key: fs.readFileSync('agent2-key.pem'),
  cert: fs.readFileSync('agent2-cert.pem'),
  ca: fs.readFileSync('root-cert.pem')
};
const socket = tls.connect(port, ClientOptions, () => {
  console.log('client connected', socket.authorized ? 'authorized' : 'unauthorized');
  process.stdin.pipe(socket);
  process.stdin.resume();
});
socket.setEncoding('utf8');
socket.on('data', (data) => {
  console.log(data);
});
socket.on('end', () => {
  // There is no `server` object in the client; close the client socket instead.
  socket.end();
});
```
So as you probably saw, there is the ca1-cert.pem, agent1-cert.pem, agent2-cert.pem, agent1-key.pem, and agent2-key.pem. Those are the certificates.
Each of the cert files has the beginning and ending
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
And each of the key files has the beginning and ending
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
In addition to that, I’m wondering how secure this is, because my initial plan is to use this as a login/database server or something that can’t be easily hacked into.
Thank you.
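On the "how secure is this" part, as an added example that is not part of the original post: with `requestCert: true` and `rejectUnauthorized: false`, as in the posted ServerOptions, Node.js completes the handshake even when the client certificate is missing or fails verification, so the server has to decide per connection. The code below audits that option combination and shows the per-connection check; the allow-listed name `agent2` and the stub sockets are assumptions made for illustration.

```javascript
// Added example, not the poster's code. Allow-list and stub sockets are assumptions.

// Flag server options that let unauthenticated clients complete the handshake.
function auditServerOptions(opts) {
  const findings = [];
  if (!opts.requestCert) {
    findings.push('requestCert is off: clients are never asked for a certificate');
  } else if (opts.rejectUnauthorized === false) {
    findings.push('rejectUnauthorized is false: clients whose certificate is ' +
      'missing or fails verification still connect; check socket.authorized');
  }
  if (opts.requestCert && !opts.ca) {
    findings.push('no ca: client certificates are checked against the default CA store');
  }
  return findings;
}

// Per-connection decision for a server that keeps rejectUnauthorized: false.
// `socket` only needs the tls.TLSSocket members used here.
function clientDecision(socket, allowedNames) {
  if (!socket.authorized) {
    const why = socket.authorizationError || 'no verified client certificate';
    return { accept: false, reason: String(why) };
  }
  const cn = (socket.getPeerCertificate().subject || {}).CN;
  if (!allowedNames.includes(cn)) {
    return { accept: false, reason: 'client name not on allow-list: ' + cn };
  }
  return { accept: true, reason: 'verified client ' + cn };
}

// Constructed inputs: the option shape from the post and stand-in sockets.
const postedOptions = { ca: 'root-cert.pem contents', requestCert: true, rejectUnauthorized: false };
const stubSocket = (authorized, authorizationError, cn) => ({
  authorized, authorizationError,
  getPeerCertificate: () => (cn ? { subject: { CN: cn } } : {}),
});

function demo() {
  const allow = ['agent2']; // hypothetical CN of the client certificate
  return {
    audit: auditServerOptions(postedOptions),
    // UNABLE_TO_VERIFY_LEAF_SIGNATURE is the code behind "unable to verify the first certificate"
    failed: clientDecision(stubSocket(false, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'), allow),
    good: clientDecision(stubSocket(true, null, 'agent2'), allow),
    stranger: clientDecision(stubSocket(true, null, 'agent9'), allow),
  };
}
console.log(demo());
```

In a server, `clientDecision(socket, allow)` would be called inside the `tls.createServer` callback, with `socket.destroy()` when `accept` is false.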