-
-
Save mwittig/adaa05ee755d16ba95f6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### | |
#Step 1 - Generate server certificates etc... (most of this code is horribly ripped off from nodejs docs currently -> http://nodejs.org/docs/latest/api/tls.html) | |
### | |
#Assuming your starting from a clean directory | |
mkdir server | |
cd server | |
#generate private key | |
openssl genrsa -out server-private-key.pem 4096 | |
#generate signing request | |
openssl req -new -key server-private-key.pem -out server-certificate-signing-request.pem | |
#self sign the request (or send off the Verisign etc etc) | |
openssl x509 -req -in server-certificate-signing-request.pem -signkey server-private-key.pem -out server-certificate.pem | |
### | |
#Step 2 - now for the client certificates | |
### | |
cd ../ | |
mkdir client | |
cd client | |
#generate private key | |
openssl genrsa -out client-private-key.pem 4096 | |
#generate signing request | |
openssl req -new -key client-private-key.pem -out client-certificate-signing-request.pem | |
#self sign the request (or send off the Verisign etc etc) | |
openssl x509 -req -in client-certificate-signing-request.pem -signkey client-private-key.pem -out client-certificate.pem | |
### | |
# Step 3 - create some code (copy + pasta) | |
### | |
# Copy the server.js file to the server folder, and the client.js file to client folder | |
# Make sure you have 2 terminal windows open | |
# Goto the server folder in terminal window 1 | |
sudo node server.js | |
# Goto the client folder in terminal window 2 | |
node client.js | |
# See output in terminal window 1 | |
# Profit (or better yet improve this code so it's actually more useful |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var tls = require('tls'); | |
var fs = require('fs'); | |
var options = { | |
// These are necessary only if using the client certificate authentication (so yeah, you need them) | |
key: fs.readFileSync('client-private-key.pem'), | |
cert: fs.readFileSync('client-certificate.pem'), | |
// This is necessary only if the server uses the self-signed certificate | |
ca: [ fs.readFileSync('../server/server-certificate.pem') ] | |
}; | |
var cleartextStream = tls.connect(443, options, function() { | |
console.log('client connected', | |
cleartextStream.authorized ? 'authorized' : 'unauthorized'); | |
process.stdin.pipe(cleartextStream); | |
process.stdin.resume(); | |
}); | |
cleartextStream.setEncoding('utf8'); | |
cleartextStream.on('data', function(data) { | |
console.log(data); | |
}); | |
cleartextStream.on('end', function() { | |
server.close(); | |
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var tls = require('tls'); | |
var fs = require('fs'); | |
var options = { | |
key: fs.readFileSync('server-private-key.pem'), | |
cert: fs.readFileSync('server-certificate.pem'), | |
// This is necessary only if using the client certificate authentication. | |
// Without this some clients don't bother sending certificates at all, some do | |
requestCert: true, | |
// Do we reject anyone who certs who haven't been signed by our recognised certificate authorities | |
rejectUnauthorized: true | |
// This is necessary only if the client uses the self-signed certificate and you care about implicit authorization | |
ca: [ fs.readFileSync('../client/client-certificate.pem') ] | |
}; | |
var server = tls.createServer(options, function(cleartextStream) { | |
//Show the certificate info as supplied by the client | |
console.log(cleartextStream.getPeerCertificate()); | |
console.log('server connected', | |
cleartextStream.authorized ? 'authorized' : 'unauthorized'); | |
cleartextStream.write("welcome!\n"); | |
cleartextStream.setEncoding('utf8'); | |
cleartextStream.pipe(cleartextStream); | |
}); | |
server.listen(443, function() { | |
console.log('server bound'); | |
}); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment