Thursday 4 May 2017

Sending TLS/SSL secured POST requests from node.js to IIS

I have a node.js webapp running on IIS 8.5 (published using iisnode) on my Windows Server 2012 and I have configured it to use this certificate I just bought. So I added the certificate to the server.

And configured my website to use https and the certificate I have just configured.

Now I can access my website like https://example.com

Ok, I have node.js clients running on some computers outside my network and posting some data to the server from time to time. I want to secure that connection now that I have an SSL certificate.

My goal would be to do the HTTPS POST from the client, and only the clients using a valid certificate would be allowed to upload data to my https://example.com/upload URL.

So first, I forced IIS to ask for a certificate on my website. In SSL configuration I checked the "Required" option.

The next thing to do is to upload data from my node.js using https and my cert. The problem is that my node.js https POST request is getting IIS's permission denied website as a response.

My node.js request code is:

var config = require('./config');
var request = require('request');
var path = require('path');
var fs = require('fs');

// Client certificate material, resolved relative to this script
var certFile = path.resolve(__dirname, 'tls/certificate.crt');
var keyFile = path.resolve(__dirname, 'tls/certificate.key');
var caFile = path.resolve(__dirname, 'tls/certificate.ca.crt');
var pfxFile = path.resolve(__dirname, 'tls/certificate.pfx');

var credentials = {
    "email": config.EMAIL,
    "password": config.PASSWORD
};

request.post({
    uri: config.LOGIN_URL, //https://example.com/upload
    headers: {
        'content-type': 'application/x-www-form-urlencoded',
        'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'
    },
    body: require('querystring').stringify(credentials),
    // false makes the client accept a server certificate that fails verification
    rejectUnauthorized: false,
    agentOptions: {
        cert: fs.readFileSync(certFile),
        key: fs.readFileSync(keyFile),
        // Or use `pfx` property replacing `cert` and `key` when using private key, certificate and CA certs in PFX or PKCS12 format:
        // pfx: fs.readFileSync(pfxFile),
        ca: fs.readFileSync(caFile),
        securityOptions: 'SSL_OP_NO_SSLv3'
    }
}, function(err, res, body) {
    if (!err && res.statusCode === 200) {
        console.log('OK!');
    } else {
        console.log("Error: ", err);
    }
});

What am I missing in my architecture so that IIS allows my HTTPS POST requests, validating the certificate I send from the client?



via Egidi
