在 Windows 上运行 NodeJS 的 Web 请求中包含带有证书的私钥

Question

I need to authenticate my GET request to an API by providing a certificate with the web request.

I am using NodeJS running on a Windows client.

The request is failing, apparently due to the need to include the private key in plain text, which I do not have available to me.

Am I missing a way to use an X509 with the key embedded (not plain text)?

I can get the full certificate with the private key in a couple of ways, but I cannot get the private key in plain text.

I have tried the WIN-CA NPM module, but it does not deal with private keys .

Any ideas, confirmation of the issue, and solutions are appreciated.

Thanks!

Answer 1

I was able to get this to work in rather a round-about way. Part of the issue is that our certificate authority is an internal provider.

To solve the issue we:

• We updated the old code to the Node.js https module.
• We then added the win-ca module to inject the corporate certificate authorities.
• We used win-cert module to obtain the certificate with private key.

Node that We did not want to copy the certificate to the file system, so using NODE_EXTRA_CA_CERTS and similar was not preferred.

Code extract:

const https = require('https');
const winCert = require('win-cert');
require('win-ca/api')({store: ['root', 'ca'], inject: true});

const certOptions = {
    storeName: 'My',
    storeLocation: 'LocalMachine',
    thumbprint: '098d3.....'
};

const httpOptions = {
    method: 'GET',
    headers: {
        'Accept': 'application/json',
        'Accept-Charset': 'utf-8',
    }
};


const certAndKey = winCert.getCertificate(certOptions).then((resolve, reject) => {
    certObtained = true;
    httpOptions.cert = resolve.cert;
    httpOptions.key = resolve.key;
});

const dpmRequest = https.request(httpOptions, ...

Note that if the process is not running as admin, or if the certificate is not marked as exportable, the key will not be accessible.