See https://groups.google.com/forum/#!topic/node-red/ejZSgG2Yk9Q
Need to add something to the explanation and maybe an example or 2.
So when you serve up HTTPS, you give the server (node.js in this case) the private key of the server's cert and a certificate containing the full chain of authorisation (the server's cert and the ca cert). The private key and cert of the CA MUST be kept secret - forever!
But when you want to consume an HTTPS connection, you don't get the private key. However, you do need the public key and certificate of the CA otherwise you cannot verify that the servers certificate is valid & you get an error.
Assuming Node-RED isn't doing anything special, you have the choice of turning off CA checks in Node.js by adding an environment variable when calling node.js. "NODE_TLS_REJECT_UNAUTORISED" is the variable and you need to set it to 0 (zero). BUT, this turns off CA checks for Node-RED as a whole which is not ideal.
Node.JS also allows you to pass an optional "ca" attribute to an https.request call which is really what you want but I'm pretty sure that Node-RED currently doesn't support that. I think that we should raise an issue and see if we can get that added to the enhancements Q
Reference: http://stackoverflow.com/questions/10888610/ignore-invalid-self-signed-ssl-certificate-in-node-js-with-https-request
Example node.js client request with self-signed CA:
#!/usr/bin/env node
var https = require('https')
, fs = require('fs')
, path = require('path')
, ca = fs.readFileSync(path.join(__dirname, 'client', 'my-private-root-ca.crt.pem'))
;
var options = {
host: 'local.ldsconnect.org',
path: '/',
ca: ca
};
options.agent = new https.Agent(options);
https.request(options, function(res) {
res.pipe(process.stdout);
}).end();From: https://github.com/Daplie/node-ssl-root-cas/wiki/Painless-Self-Signed-Certificates-in-node.js
See https://groups.google.com/forum/#!topic/node-red/ejZSgG2Yk9Q
Need to add something to the explanation and maybe an example or 2.
So when you serve up HTTPS, you give the server (node.js in this case) the private key of the server's cert and a certificate containing the full chain of authorisation (the server's cert and the ca cert). The private key and cert of the CA MUST be kept secret - forever!
But when you want to consume an HTTPS connection, you don't get the private key. However, you do need the public key and certificate of the CA otherwise you cannot verify that the servers certificate is valid & you get an error.
Assuming Node-RED isn't doing anything special, you have the choice of turning off CA checks in Node.js by adding an environment variable when calling node.js. "NODE_TLS_REJECT_UNAUTORISED" is the variable and you need to set it to 0 (zero). BUT, this turns off CA checks for Node-RED as a whole which is not ideal.
Node.JS also allows you to pass an optional "ca" attribute to an https.request call which is really what you want but I'm pretty sure that Node-RED currently doesn't support that. I think that we should raise an issue and see if we can get that added to the enhancements Q
Reference: http://stackoverflow.com/questions/10888610/ignore-invalid-self-signed-ssl-certificate-in-node-js-with-https-request
Example node.js client request with self-signed CA:
From: https://github.com/Daplie/node-ssl-root-cas/wiki/Painless-Self-Signed-Certificates-in-node.js