Friday 2 June 2017

Get 'Error: self signed certificate' when using libressl

I am working through the book 'Professional Nodejs', on the chapter 'securing tcp server with tls/ssl', but hit a snag. I downloaded libressl to use in the project.

I created the server key:

genrsa -out server_key.pem 1024

Then, I created the certificate request for the server.js:

req -new -key server_key.pem -out server_csr.pem

Then I created a self-signed certificate:

x509 -req -in server_csr.pem -signkey server_key.pem -out server_cert.pem

These files are in the same folder as server.js. I then stick these into an object called options inside server.js:

var tls = require('tls');
var fs = require('fs');
const port = 3000;

// Every connected TLS socket; distribute() and the "close" handler both work on this list.
const clients = [];

// TLS identity the server presents during the handshake.
// NOTE(review): the key on this page was generated as 1024-bit RSA; 2048 bits is
// the commonly recommended minimum today, so regenerate it before real use.
const options = {
    key: fs.readFileSync('server_key.pem'),
    cert: fs.readFileSync('server_cert.pem'),
    // rejectUnauthorized: false
    // NOTE(review): on a tls server this flag only has an effect together with
    // requestCert: true. As written no client certificate is requested, so the
    // server accepts any peer that completes the handshake.
};

/**
 * Relay one client's message to every other connected client.
 *
 * The message is prefixed with the sender's remote address and port and is
 * otherwise forwarded verbatim, so recipients see whatever bytes the sender
 * chose to send.
 *
 * @param {object} from - Sending connection; it is skipped when relaying.
 * @param {Buffer|string} data - Payload received from the sender.
 */
function distribute(from, data) {
    // NOTE(review): assumes the connection exposes its underlying socket as
    // `.socket` - TODO confirm on the Node version in use; tls.TLSSocket also
    // carries remoteAddress/remotePort itself.
    const sender = from.socket;
    for (const recipient of clients) {
        if (recipient === from) {
            continue;
        }
        recipient.write(`${sender.remoteAddress}:${sender.remotePort} said: ${data.toString()}`);
    }
}

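// Accept TLS connections and relay each client's data to all other clients.
// The callback runs once per connection, after its TLS handshake has completed.
tls.createServer(options, (client) => {
    clients.push(client);

    client.on("data", (data) => {
        distribute(client, data);
    });

    // Without an "error" listener, a socket error (for example a peer resetting
    // the connection) surfaces as an uncaught exception and stops the server for
    // every connected client. "close" is emitted after "error", so the cleanup
    // below still runs.
    client.on("error", (err) => {
        console.log("client error:", err.message);
    });

    client.on("close", () => {
        console.log("client disconnected...");
        const index = clients.indexOf(client);
        // splice(-1, 1) would remove the last client in the list, so only
        // remove an entry when this socket is actually present.
        if (index !== -1) {
            clients.splice(index, 1);
        }
    });
}).listen(port, () => {
    console.log("tls server is active...");
});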

I do the same thing for client.js:

genrsa -out client_key.pem 1024
req -new -key client_key.pem -out client_csr.pem
x509 -req -in client_csr.pem -signkey client_key.pem -out client_cert.pem

And then I include those files, which are in the same folder as client.js, in the options object within client.js:

var tls = require('tls');
var fs = require('fs');
const port = 3000;
const host = 'localhost';

// Client-side TLS settings passed to tls.connect().
// NOTE(review): key/cert are the client's own identity; they are only checked
// if the server requests a client certificate. They do not tell the client
// which server certificate to trust.
const options = {
    key: fs.readFileSync("client_key.pem"),
    cert: fs.readFileSync("client_cert.pem"),
    // rejectUnauthorized: false
    // NOTE(review): enabling the line above turns off verification of the
    // server certificate, so the client would accept any peer, including an
    // interceptor. The usual way to trust a self-signed server certificate is
    // to pass that certificate in the `ca` option instead - presumably its
    // subject must also match `host`; confirm against the generated cert.
};

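// Start stdin flowing so typed input can be forwarded once connected.
process.stdin.resume();

// Open the TLS connection. The callback is the secure-connect listener: with
// the default rejectUnauthorized setting it runs only after the handshake
// succeeded and the server certificate was accepted.
const client = tls.connect(port, host, options, () => {
    console.log("client is connected to host.");
    // { end: false } keeps the TLS socket open when stdin ends.
    process.stdin.pipe(client, { end: false });
    client.pipe(process.stdout);
});

// Registered immediately rather than inside the connect callback: a handshake
// failure (such as a rejected server certificate) is emitted before that
// callback ever runs, so a listener added there would never see it and the
// error would surface as an uncaught exception.
client.on("error", (err) => {
    console.log("***ERROR", err);
});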

The only way this works is if I include rejectUnauthorized: false in the options. Without it, I run node server.js, but when I run node client.js an error is thrown: "Error: self signed certificate". I'm just trying to get this to work on localhost, but I'm not sure where I'm going wrong.



via Glenn
