I have a node.js webapp running on IIS 8.5 (published using iisnode) on my Windows Server 2012 and I have configured it to use this certificate I just bought. So I added the certificate to the server:
And configured my website to use https and the certificate I have just configured:
Now I can access my website like https://example.com
Ok, I have node.js clients running on some computers outside my network and posting some data to the server from time to time. I want to secure that connection now that I have a SSL certificate.
My goal would be to do the HTTPS POST from client and only the clients using a valid certificate would be allowed to upload data to my https://example.com/upload url.
So first, I forced ISS to ask for a certificate on my website. In SSL configuration I checked the "Required" option:
Next thing to do is to upload data from my node.js using https and my cert. The problem is that my node.js https POST request is getting the IIS's permission denied website as a response.
My node.js request code is:
var config = require('./config');
var request = require('request');
var path = require('path');
var fs = require('fs');
var certFile = path.resolve(__dirname, 'tls/certificate.crt');
var keyFile = path.resolve(__dirname, 'tls/certificate.key');
var caFile = path.resolve(__dirname, 'tls/certificate.ca.crt');
var pfxFile = path.resolve(__dirname, 'tls/certificate.pfx');
var credentials ={
"email":config.EMAIL,
"password":config.PASSWORD
}
request.post({
uri: config.LOGIN_URL, //https://example.com/upload
headers: {
'content-type': 'application/x-www-form-urlencoded',
'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'
},
body: require('querystring').stringify(credentials),
rejectUnauthorized: false,
agentOptions: {
cert: fs.readFileSync(certFile),
key: fs.readFileSync(keyFile),
// Or use `pfx` property replacing `cert` and `key` when using private key, certificate and CA certs in PFX or PKCS12 format:
// pfx: fs.readFileSync(pfxFilePath),
ca: fs.readFileSync(caFile),
securityOptions: 'SSL_OP_NO_SSLv3'
}
}, function(err, res, body){
if (!err && res.statusCode === 200) {
console.log('OK!');
} else {
console.log("Error: ",err);
}
});
What I am missing in my architecture so that IIS allows my HTTPS POST requests validating the certificate I send from client?
via Egidi
No comments:
Post a Comment