TLS module presents me with the peer certificate. How do I get the local certificate info too?

Daniel Lamando

Nov 25, 2015, 8:48:41 PM11/25/15
to nodejs
Hey,

I'm working with an involved implementation of the TLS protocol, with two different ports, both requiring client certs.
Port n: Control channel. Connections are only accepted from known client certificates.
Port n+1: Pairing channel. Any certificate can connect. A final challenge confirmation step adds the client's certificate to the whitelist for port n.

The challenge uses the modulus and exponent of both peers' certificates.
In Node I easily got these details for the remote end using conn.getPeerCertificate().
Why isn't there a conn.getLocalCertificate() as well? The cert info has to be used by TLS in some way anyway.

My workarounds for getting the local cert details are:
  1. Shell out to openssl and parse its output
  2. Require the user to put the exponent/modulus from openssl output into a config file
  3. Connect to myself on startup and take note of getPeerCertificate() - Requires a local server, even for clients
  4. Deploy a getPeerCertificate() service on EC2
  5. Parse the .crt file myself (didn't find an NPM package capable of doing it)
None of these are ideal, but I ended up going with #3 because it was a quick hack without mess. Still a hack.

Is there an actual way to get the local cert??

Thanks in advance,
Dan