Hey,
I'm working with an involved implementation of the TLS protocol, with two different ports, both requiring client certs.
Port n: Control channel. Connections are only accepted from known client certificates.
Port n+1: Pairing channel. Any certificate can connect. A final challenge confirmation step adds the client's certificate to the whitelist for port n.
The challenge uses the modulus and exponent of both peers' certificates.
In Node I easily got these details for the remote end using conn.getPeerCertificate().
Why isn't there a conn.getLocalCertificate() as well? The cert info has to be used by TLS in some way anyway.
My workarounds for getting the local cert details are:
1. Shell out to openssl and parse its output
2. Require the user to put the exponent/modulus from openssl output into a config file
3. Connect to myself on startup and take note of getPeerCertificate() - requires a local server, even for clients
4. Deploy a getPeerCertificate() service on EC2
5. Parse the .crt file myself (didn't find an NPM package capable of doing it)
None of these are ideal, but I ended up going with #3 because it was a quick hack without mess. Still a hack.
Is there an actual way to get the local cert?
Thanks in advance,
Dan