I am trying to make client authorization self-signed.
First, I create certificates:
CA certificate
openssl genrsa -des3 -out ca.key 2048 openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Server certificate
openssl genrsa -out server.key 1024 openssl req -new -key server.key -out server.csr openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365
Customer certificate
openssl genrsa -out client.key 1024 openssl req -new -key client.key -out client.csr openssl x509 -req -in client.csr -out client.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365
Convert client certificate to p12
openssl pkcs12 -export -in client.crt -inkey client.key -name "My cert" -out client.p12
Open and install p12 certificate open client.p12
My node.js server (using express.js)
var express = require('express') , routes = require('./routes') , user = require('./routes/user') , http = require('http') , path = require('path') , https = require('https') , fs = require('fs'); var app = express(); app.configure(function () { app.set('port', process.env.PORT || 3000); app.set('views', __dirname + '/views'); app.set('view engine', 'ejs'); app.use(express.favicon()); app.use(express.logger('dev')); app.use(express.bodyParser()); app.use(express.methodOverride()); app.use(app.router); app.use(express.static(path.join(__dirname, 'public'))); }); app.configure('development', function () { app.use(express.errorHandler()); }); app.get('/', function(req, res) { console.log(req.client.authorized); res.send(req.client.authorized) }); var options = { key:fs.readFileSync('ssl/server.key'), cert:fs.readFileSync('ssl/server.crt'), ca:[fs.readFileSync('ssl/ca.crt')], requestCert:true, rejectUnauthorized:false, passphrase: 'passphrase', agent: false }; https.createServer(options,app).listen(app.get('port'), function () { console.log("Express server listening on port " + app.get('port')); });
When the server is running, I open https://localhost:3000 in Chrome, but authentication fails: req.client.authorized is false
Chrome message
The identity of this website has not been verified. • Server certificate does not match the URL.
Where is my mistake?