[nodejs] Re: SSL CA cert not working right

[Rog]

Ok.  I figured it out.  
There are a few things wrong with the instructions from everyone that I 
have seen give out node examples for public CA-signed certs.

Again this is for NetworkSolutions as a CA provider.  This is as a server 
CA and NOT a client CA.  There is no dual-CA authentication, only the 
single side from the server.

The notes for adding the CA public certs are confusing, because the CA is 
not the CA attribute in the options.  It is the cert attribute.

Symptoms for this are no matter what you do the same error appears and you 
can authenticate it if you use your creds as a part of the call
openssl s_client -CAfile 4_CRTs_Sample_DVServ_DVUser_AddT.crt  -connect 
sample.whataremindsfor.com:56900



Step 1:  If you have several crts cat them all together using your 
full-qualified domain first.  
cat SAMPLE.WHATAREMINDSFOR.COM.crt DV_NetworkSolutionsDVServerCA2.crt 
DV_USERTrustRSACertificationAuthority.crt AddTrustExternalCARoot.crt > 4
_CRTs_Sample_DVServ_DVUser_AddT.crt

Step 2:  Ensure that after you cat the files together the beginning and end 
tags are on a different line
NO:  
-----BEGIN CERTIFICATE----------END CERTIFICATE-----

YES:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----


Step 3:  Don't use the 'ca' attribute for server side CA.  Only use the 
'cert' attribute.
var secure_options = {
   key: secure_fs.readFileSync('PATH/sample.whataremindsfor.com.key', 'utf8'
),
   cert: secure_fs.readFileSync('PATH/4_CRTs_Sample_DVServ_DVUser_AddT.crt', 
'utf8'),
};



-- 
Job board: http://jobs.nodejs.org/
New group rules: 
https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules: 
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
--- 
You received this message because you are subscribed to the Google Groups 
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to nodejs+unsubscr...@googlegroups.com.
To post to this group, send email to nodejs@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/nodejs/f477b0c8-b7fe-4d19-b3d4-a42f15c4326b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.