Hello Guys and Gals, I can use your help. I'm a n00b when it comes to SSL. This is my first time getting a CA signed cert issued and coding a node.js instance to use https/tls.
I have the node https/tls running without any error messages upon instantiation. I have followed the this code here to get some error messages to be produced from the server when a call comes in with the wrong authorization. http://nodejs.org/api/tls.html I'm using this for my credentials. Network solutions gave me 4 .crt and I attempted to cat filess < All_AddTrust_DV_2_CA.crt. Unfortunately I do not know if this is right or wrong, if it needs extra line feeds or whatever. var secure_options = { key: secure_fs.readFileSync('THE_PATH/sample.whataremindsfor.com.key', 'utf8'), cert: secure_fs.readFileSync('THE_PATH/SAMPLE.WHATAREMINDSFOR.COM.crt', 'utf8'), ca: secure_fs.readFileSync('THE_PATH/All_AddTrust_DV_2_CA.crt', 'utf8') }; I found away to attempt to test the SSL CA cert with the following call from another terminal on the same machine, getting this output below. I hope someone can help me here. [2014-11-21 11:11:11.380] [INFO] console - server connected 'unauthorized' [2014-11-21 11:46:57.673] [INFO] console - server connected 'unauthorized' openssl s_client -connect 127.0.0.1:46900 CONNECTED(00000003) depth=0 OU = Domain Control Validated, OU = nsProtect Secure Xpress, CN = sample.whataremindsfor.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 OU = Domain Control Validated, OU = nsProtect Secure Xpress, CN = sample.whataremindsfor.com verify error:num=27:certificate not trusted verify return:1 depth=0 OU = Domain Control Validated, OU = nsProtect Secure Xpress, CN = sample.whataremindsfor.com verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/OU=Domain Control Validated/OU=nsProtect Secure Xpress/CN=sample. whataremindsfor.com i:/C=US/ST=VA/L=Herndon/O=Network Solutions L.L.C./CN=Network Solutions DV Server CA 2 --- Server certificate -----BEGIN CERTIFICATE----- MIIFdzCCBF+gAwIBAgIQZKH2LzShxkMU//ZbvGTeKDANBgkqhkiG9w0BAQsFADB6 MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVkExEDAOBgNVBAcTB0hlcm5kb24xITAf BgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5DLjEpMCcGA1UEAxMgTmV0d29y ayBTb2x1dGlvbnMgRFYgU2VydmVyIENBIDIwHhcNMTQxMTE4MDAwMDAwWhcNMTUx MTE4MjM1OTU5WjBqMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQx IDAeBgNVBAsTF25zUHJvdGVjdCBTZWN1cmUgWHByZXNzMSMwIQYDVQQDExpzYW1w bGUud2hhdGFyZW1pbmRzZm9yLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAMml21naQ4VeSJTgO986uAxT65PGDsiR0Di7khtCSZBYbsIcxbI8K33B VE6cEOb8rZXDzACG5XEBDkBAE1N/WEzfsFMEDRfDWMQkKDqgK5/GDetUHB6UFfDF jhXVHItDo2yUHrVtDYa9uTLfQ78jp+fARwZ+VVu8kXEI7CojXC9hHTNyiHpwt1rF Z5+pKMq8WCc1gQoBU6LFlFa4DTTKrpqSBhlJOHLe3GNj/TjMjxayTRilxh0EVx/M Y+SBpkQYM7bbD++Ob9QXgANK7QwfGKj8HrLQCFVF8heSQVmRJKLRiyd+BDYj5i4N JcrUbSoQMcfDoWSyXEIACMlznTwfFvkCAwEAAaOCAgcwggIDMB8GA1UdIwQYMBaA FFHO31QdtyxXq2hhSAIa07KF7ECqMB0GA1UdDgQWBBSRr6nTyTFe3OIcMiKOkFV8 VlEbIDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr BgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0gBG4wbDBgBgwrBgEEAYYOAQIBCQEwUDBO BggrBgEFBQcCARZCaHR0cDovL3d3dy5uZXR3b3Jrc29sdXRpb25zLmNvbS9sZWdh bC9TU0wtbGVnYWwtcmVwb3NpdG9yeS1jcHMuanNwMAgGBmeBDAECATBJBgNVHR8E QjBAMD6gPKA6hjhodHRwOi8vY3JsLm5ldHNvbHNzbC5jb20vTmV0d29ya1NvbHV0 aW9uc0RWU2VydmVyQ0EyLmNybDB7BggrBgEFBQcBAQRvMG0wRAYIKwYBBQUHMAKG OGh0dHA6Ly9jcnQubmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zRFZTZXJ2 ZXJDQTIuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC5uZXRzb2xzc2wuY29t MEUGA1UdEQQ+MDyCGnNhbXBsZS53aGF0YXJlbWluZHNmb3IuY29tgh53d3cuc2Ft cGxlLndoYXRhcmVtaW5kc2Zvci5jb20wDQYJKoZIhvcNAQELBQADggEBAExoI6yX b0Dv4mlWrJ0pTpp3CQvu0zp8V1mWrXYtxB5DUss6VRf6r7fiL15Skb+uayILgFwx egs63fb/KuX2LT8xIQyMGNZ429DSzoA2I4lJjYpShb3FS0wcrt0uWxbyByZM1Yt0 SN3ARpePSZupIaplcfcemNSdgSXSGFhmlrihiq+z/oW5k5/jZZ6TDt1bJwZ2Bxww SIox9MdGV/92QrpjjXcnKsJ4gL5nSA9C4YRUN4pih7buffq+DFRnvEo6kBJctGeO 4qNdRkz+V+Rmev/JbbxEMtRWf/HCBginxbyG1fJaccMXzqrS6lf4X89DD6x6YUgd ZDEirYzqLRoDtvY= -----END CERTIFICATE----- subject=/OU=Domain Control Validated/OU=nsProtect Secure Xpress/CN=sample. whataremindsfor.com issuer=/C=US/ST=VA/L=Herndon/O=Network Solutions L.L.C./CN=Network Solutions DV Server CA 2 --- No client certificate CA names sent --- SSL handshake has read 1711 bytes and written 581 bytes --- New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : AES256-GCM-SHA384 Session-ID: 6328E390DEBF3DBF9377410DDA07D2F6795E32E0EE4E1FDC9D9C1539CD7AE212 Session-ID-ctx: Master-Key: 16DE4CDDA2167BD8157406E3D95062DF37EE69409961E6A8F549EA0D16939800C9A402ECE052BC2907C57591EA3FC17E Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 8d e3 93 fb dd 5d d5 d1-5a 88 14 72 5d 70 6e f1 .....]..Z..r]pn . 0010 - 25 c3 4c af 6e 51 66 af-fb b4 08 09 47 2c bd 4d %.L.nQf.....G,. M 0020 - 7c 79 71 66 35 bb b9 30-ff 29 61 41 12 46 bb e6 |yqf5..0.)aA.F .. 0030 - d4 ea d9 86 b3 59 75 dc-ad 2c 27 19 87 33 97 e4 .....Yu.., '..3.. 0040 - bc 9c 1d 0b 02 96 1f 96-1b ef 4c d7 ab f6 32 b2 ..........L...2. 0050 - cc 1e fc 85 28 70 c1 bd-2f 94 aa df 9e 80 e3 6e ....(p../......n 0060 - 52 9d 89 5e ac 52 df 8e-16 8a 25 33 37 56 1f e0 R..^.R....%37V.. 0070 - cc 24 c9 f2 e9 69 5d 14-15 56 22 c2 ae c4 8b 1f .$...i]..V"..... 0080 - 09 4e 1c 1a 43 c1 27 38-35 77 21 db 8e d2 b4 26 .N..C.'85w !....& 0090 - d3 1e f0 bd f8 42 58 6e-7b b3 0f ef 55 58 1d 6c .....BXn{...UX. l Start Time: 1416583205 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- welcome! -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/568d3c12-e51c-4b69-841e-8c1c881a372a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
