Node JS SSL pinning with self signed certificate.

Question

I want my node.js server allow only the http request that contains an SSL Certificate, in order to avoid the "man in the middle"

Problem is that with a self signed certificate it does not work at all.

Here is my simple node.js server:

var fs = require('fs'); 
var https = require('https'); 
var util = require('util'); 

var options = { 
    key: fs.readFileSync('keys/myKey.key'), 
    cert: fs.readFileSync('keys/cert.crt'), 
    requestCert: true, 
    rejectUnauthorized: false, 
    agent: false,
}; 


https.createServer(options, function (req, res) { 
    console.log(new Date()+' '+ 
        req.connection.remoteAddress+' '+ 
        req.method+' '+req.url + 'auth = ' + req.client.authorized); 
    res.writeHead(200); 
    res.end("hello world\n"); 
}).listen(8443);

Client.authorized will always be no because it's a self signed certificate.

Any idea how can i manage to allow request with certificate and fallow the request without the certificate to another place ? Kind of :

https.createServer(options, function (req, res) { 
  if (req.hasCertificateThatMatchTheOneOnMyServer) {
    // do something
  }
  else {
    // do something else
  }
}

Thank you very much.

Answer 1

Set the environment variable NODE_EXTRA_CA_CERTS to point to the file system location that contains the server and the client self-signed certificates.

Also, consider reading the explanation in this answer just to ensure that your self-signed certificate is in sync with the enabled NodeJS cipher suites: https://stackoverflow.com/a/53325115/1235935