ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED when reading smart card


I am developing a web app with React (front-end) and Nodejs (back-end) and I need to use digital certificates to authenticate.

The options given to the server are:

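    const fs = require('fs');

    // TLS options passed to the HTTPS server
    const options = {
      key: fs.readFileSync('./certs/localhost_key.pem'),
      cert: fs.readFileSync('./certs/localhost_cert.pem'),
      requestCert: true,          // ask the browser for a client certificate
      rejectUnauthorized: false,  // do not abort the handshake if the client cert fails CA validation
      ca: [
        fs.readFileSync('./certs/ACCVCA120.crt')
      ]
    };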

Once you select the certificate, the line which reads the certificate from the back-end is let cert = req.connection.getPeerCertificate(), and the front-end calls the endpoint which owns that line to read it.

If I use a certificate which is stored on the computer, the app reads the certificate properly, but if it reads it from a smart card, I get the following error after selecting the certificate: net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED.

Could you provide me a way to solve this error?

Thank you.

Best answer

I finally solved the problem; I'm leaving the solution here.

I was using the flag --tls-min-v1.0 because I need it to establish a secure connection with Active Directory.

To perform the smart card reading I need a newer TLS version, at least TLS 1.2, so the reading was failing.

If I used the newer TLS version, the AD connection failed, so finally the solution was adding two flags:

  • --tls-min-v1.0
  • --tls-max-v1.2
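
An added example, not part of the answer or the asker's code: it pins only the client-certificate listener to TLS 1.2 (inside the range the answer settles on) through per-server minVersion/maxVersion options, and performs the socket.authorized check that rejectUnauthorized: false leaves to the application. The function names and the port are hypothetical; the file paths are the ones from the question.

```javascript
// Per-server TLS options: the protocol range is set on this listener only,
// so process-wide defaults from CLI flags do not decide what the browser negotiates.
function tlsOptions(pem) {
  return {
    key: pem.key,
    cert: pem.cert,
    ca: [pem.ca],
    requestCert: true,
    rejectUnauthorized: false, // handshake completes even for an unverified certificate
    minVersion: 'TLSv1.2',
    maxVersion: 'TLSv1.2',
  };
}

// With rejectUnauthorized: false, Node still records the verification result
// on the socket; the application has to read it before trusting the certificate.
function clientCertStatus(socket) {
  const cert = socket.getPeerCertificate();
  const protocol = socket.getProtocol();
  if (!cert || Object.keys(cert).length === 0) {
    return { ok: false, protocol, reason: 'no client certificate presented' };
  }
  if (!socket.authorized) {
    return { ok: false, protocol, reason: String(socket.authorizationError) };
  }
  return { ok: true, protocol, subject: cert.subject, fingerprint256: cert.fingerprint256 };
}

// Endpoint the front-end calls: 200 with the subject, or 401 with the reason.
function handler(req, res) {
  const status = clientCertStatus(req.socket);
  res.writeHead(status.ok ? 200 : 401, { 'Content-Type': 'application/json' });
  res.end(JSON.stringify(status));
}

// Modules are loaded here so the helpers above can be exercised without files or sockets.
function startServer(port) {
  const fs = require('fs');
  const https = require('https');
  const pem = {
    key: fs.readFileSync('./certs/localhost_key.pem'),
    cert: fs.readFileSync('./certs/localhost_cert.pem'),
    ca: fs.readFileSync('./certs/ACCVCA120.crt'),
  };
  return https.createServer(tlsOptions(pem), handler).listen(port); // e.g. startServer(8443)
}
```

The protocol field in the response shows which TLS version the browser actually negotiated, which helps when comparing a certificate stored on the computer with one on a smart card.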