Simple Node script showing details of TLS client certificate without a fixed set of accepted CAs
// prerequisites:
// dependency installation: npm i fs https express
//   (note: fs and https are Node.js built-in modules, so only express actually has to come from npm;
//    installing same-named registry packages adds third-party code the script never needs)
// create server certificate: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname"
// point your browser to https://localhost:8443
// this should allow you to select a certificate to use as the client cert, if you have any
// the server then returns some details about that certificate
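const fs = require('fs');
const https = require('https');
const express = require('express');

const app = express();

/**
 * Escapes the characters that are significant in HTML so a value can be
 * placed in element content without being parsed as markup.
 *
 * @param {*} value - Any value; it is converted with String() first.
 * @returns {string} The HTML-escaped text.
 */
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// GET /: report details of the certificate the client presented during the
// TLS handshake.
app.get('/', (req, res) => {
  const clientCertDetails = req.socket.getPeerCertificate();

  // getPeerCertificate() returns an empty object when the client sent no
  // certificate (and null for a destroyed socket), so `subject` can be
  // missing; answer explicitly instead of throwing on `.subject.CN`.
  if (!clientCertDetails || !clientCertDetails.subject) {
    return res.send('<pre>No client certificate was presented.</pre>');
  }

  // The server accepts client certificates without validating them against a
  // CA (rejectUnauthorized: false), so every field below is chosen by the
  // client. Escape it before embedding it in HTML, and treat the CN as a
  // self-asserted label, not an authenticated identity.
  // `fingerprint` is the SHA-1 digest of the certificate; Node also exposes
  // `fingerprint256` if a SHA-256 digest is preferred for pinning.
  return res.send(
    '<pre>' +
      'Certificate Fingerprint: ' + escapeHtml(clientCertDetails.fingerprint) + '<br/>' +
      'Certificate CN: ' + escapeHtml(clientCertDetails.subject.CN) + '<br/>' +
      '</pre>'
  );
});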
// TLS settings for the demo server.
// - requestCert: true asks every connecting client for a certificate.
// - rejectUnauthorized: false lets the handshake complete even when that
//   certificate does not validate against a trusted CA (or none is sent).
//   The request handlers therefore see unverified certificates: check
//   `req.socket.authorized`, or compare the fingerprint against a list you
//   maintain, before using the certificate for any access decision.
const tlsOptions = {
  cert: fs.readFileSync('cert.pem'),
  key: fs.readFileSync('key.pem'),
  requestCert: true,
  rejectUnauthorized: false,
};

// No host is passed to listen(), so the server accepts connections on all
// interfaces; pass '127.0.0.1' as the host when it should stay local.
const server = https.createServer(tlsOptions, app);
server.listen(8443);