NodeJS: Using Certificate PEM Type to Connect

[tza...@gmail.com]

Hello,

I need to connect with a string certificate and not a PFX. The example is here:

https://github.com/ravendb/ravendb-nodejs-client#working-with-secured-server

When using certificate type of PEM where do you get the CRT and KEY... I have tried many different configurations, but none of them work. I tried from the downloaded certificate from a client certificated created.. I tried a combination of using the cluster key and certificate, still no go, etc..

What am I missing? Which CRT and which KEY should I be using?

Thanks!

Troy

[Oren Eini (Ayende Rahien)]

I'm not sure that I'm following the issue.

You have the CRT & KEY files that are registered in RavenDB? (the certificate zip contains both the .crt, .key file pair and a .pfx file).

You need to provide them to the document store, let's assume that you have them in string form, in this case you can use this code sample.

Note that the CRT file contains the -----BEGIN CERTIFICATE-----

And the KEY file contains the -----BEGIN RSA PRIVATE KEY-----

You can just concat them and paste them here

const {DocumentStore, Certificate} = require('ravendb');

const certificate = `
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
`;

let authOptions = {
  certificate,
  type: "pem",
  password: "my passphrase" // optional  
};

let store = new DocumentStore('url', 'databaseName', authOptions);

--
You received this message because you are subscribed to the Google Groups "RavenDB - an awesome database" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ravendb/00e538c8-5bc3-49b4-ba55-50c38dc481b6n%40googlegroups.com.

--

Oren Eini CEO   /   Hibernating Rhinos LTD Mobile:  972-52-548-6969 Sales:  sa...@ravendb.net Skype:  ayenderahien Support:  sup...@ravendb.net

[tza...@gmail.com]

Hi Oren,

Yes, I am aware of that, I have done this with a different project and it worked fine. But in a new project, no matter what CRT and KEY, the server never responds. No error, just no response and the await store.openSession() never returns. If I switch to PFX, all works fine.

The server if a v4.2.8 ... Do you think this would be the issue? If so, I will try to set some time to upgrade the server to v5.

Thanks!

[Oren Eini (Ayende Rahien)]

Are you sure that the files are correct? Can you connect to the server using them with openssl?

To view this discussion on the web visit https://groups.google.com/d/msgid/ravendb/4a82ddc3-b0a7-4265-ba64-2b5d6b0bd04bn%40googlegroups.com.

[tza...@gmail.com]

Hi Oren,

So I found my issues. 

1. I was not copying the entire RSA header as I did not have that in the other project.

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: DES-EDE3-CBC,XXX

XXXXXXXXXXXXXXXXXXXXXXXXX

I just started with the actual key part... skipped the Proc-Type and DEK-Info and blank line.

2. Apparently this certificate had a password and I was not supplying as I did not have to supply the password in the other project...

Perhaps it would be nice if there was some error thrown. I used a different CRT and KEY and that did throw an error saying the certificate was not registered with the server.. so that did throw a good clear message.

Thank you for your help. All good now.