Https two-way authentication with server using a public signed cert, but client using a private CA


I'm a node-js guy but I think this is about Certificate/CA only.

I want to set up an https server using a certificate which is signed by a public CA, so that all the browsers can visit my website without certificate error. At the same time, I want my server to provide two-way https authentication, so that the server can recognize my clients if they are using a certificate. The client certificate is signed by a CA created by myself.

When I let the client connect to the server, it gets an error called Error: CERT_UNTRUSTED. But I have set up the "ca" & "agent" options for both the server and the client, so I can't figure out my mistake.

I have installed my self-signed CA in my Windows 8 Root Certificates, although I don't think it's really needed.

My Code:

Server

var fs = require('fs');
// Placeholder file names; the question does not show where the PEM material is loaded from.
var keyForCertificate = fs.readFileSync('server.key');
var certFromPublicCA  = fs.readFileSync('server.crt');
var PublicCA          = fs.readFileSync('public-ca.pem');
var selfSignedCA      = fs.readFileSync('my-ca.pem');

var options = {
    key: keyForCertificate,
    cert: certFromPublicCA,
    ca: [PublicCA, selfSignedCA],   // CAs the server trusts when verifying client certificates
    requestCert: true,              // ask every client for a certificate
    rejectUnauthorized: false       // keep the connection even if the client sends none
};
var server = require('https').Server(options, require('express')());
server.listen(443);

Client

var fs = require('fs');
// Placeholder file names; the question does not show where the PEM material is loaded from.
var PublicCA     = fs.readFileSync('public-ca.pem');
var selfSignedCA = fs.readFileSync('my-ca.pem');

require('https').request({ host: "www.publicWebsite.com"
    , method: "GET"
    , port: 443
    , headers: { host: "www.publicWebsite.com" }
    , ca: [PublicCA, selfSignedCA]   // CAs used to verify the server's certificate
    // no key/cert option is given, so the client sends no certificate when the server requests one
    , path: "/" }, function (res) {
    // res.client is the underlying TLS socket (also available as res.socket)
    if (res.client.authorized) {
        console.log("node test: OK")
    } else {
        throw new Error(res.client.authorizationError)
    }
}).end()
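The setup the question describes, as an added, self-contained example that is not the asker's code: a private CA issues the client certificate, a second throwaway CA stands in for the public CA that issues the server certificate, and a Node.js server with requestCert enabled is hit by three clients (one presenting a cert from the private CA, one presenting none, and one whose trust list lacks the server's issuer, which reproduces the class of handshake error the question reports). Everything (CA names, file names, the temporary working directory, binding to 127.0.0.1 on an ephemeral port) is an assumption of this example; it only needs openssl 1.1.1+ and Node.js 18+ on PATH.

```shell
#!/bin/sh
# Added example, not the question's code: a private CA for CLIENT certs plus a throwaway
# CA standing in for the public CA that issues the SERVER cert, then a Node.js mutual-TLS
# server and three clients. Assumes openssl (1.1.1+) and node (18+) on PATH.
set -e
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

write_configs() {
  # Minimal req config so the CA certs carry CA:TRUE whatever the system openssl.cnf says.
  cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Leaf extensions; the server cert must name the address the client connects to.
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:localhost,IP:127.0.0.1\n' > "$WORK/server.ext"
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > "$WORK/client.ext"
}

issue_ca() {   # issue_ca NAME CN -> self-signed CA key and cert
  openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

issue_leaf() { # issue_leaf NAME CN CANAME EXTFILE -> key and cert signed by CANAME
  openssl req -new -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$3.pem" -CAkey "$WORK/$3.key" \
    -CAcreateserial -days 1 -extfile "$WORK/$4" -out "$WORK/$1.pem" 2>/dev/null
}

write_node_script() {
  cat > "$WORK/mtls.js" <<'EOF'
const https = require('https'), fs = require('fs'), path = require('path');
const read = (f) => fs.readFileSync(path.join(process.argv[2], f));

const server = https.createServer({
  key: read('server.key'),
  cert: read('server.pem'),     // issued by the stand-in public CA
  ca: [read('clientca.pem')],   // trusted for CLIENT certificates only
  requestCert: true,            // ask every client for a certificate...
  rejectUnauthorized: false,    // ...but keep clients that present none; the app decides
}, (req, res) => {
  const s = req.socket;
  const who = s.authorized ? s.getPeerCertificate().subject.CN : 'anonymous';
  res.end(`${s.authorized ? 'authorized' : 'unauthorized'}:${who}`);
});

// One GET; `extra` overrides the defaults (client key/cert, or a different trust list).
function request(port, extra) {
  return new Promise((resolve) => {
    const req = https.request({
      host: '127.0.0.1', port, path: '/', method: 'GET',
      ca: [read('publicca.pem')],   // trusted for the SERVER certificate
      ...extra,
    }, (res) => {
      let body = '';
      res.on('data', (d) => { body += d; });
      res.on('end', () => resolve(body));
    });
    req.on('error', (err) => resolve(`error:${err.code}`));  // handshake failures land here
    req.end();
  });
}

server.listen(0, '127.0.0.1', async () => {
  const port = server.address().port;
  const out = [
    await request(port, { key: read('client.key'), cert: read('client.pem') }), // authorized
    await request(port, {}),                                  // no cert sent: unauthorized
    await request(port, { ca: [read('clientca.pem')] }),      // wrong trust list: the client
  ];                                                          // cannot verify the server at all
  console.log(out.join(' '));
  if (server.closeAllConnections) server.closeAllConnections();
  server.close(() => process.exit(0));
});
EOF
}

mtls_demo() {
  write_configs; write_node_script
  issue_ca publicca "Stand-in Public CA"
  issue_ca clientca "My Private Client CA"
  issue_leaf server localhost publicca server.ext
  issue_leaf client node-client clientca client.ext
  node "$WORK/mtls.js" "$WORK"
}

mtls_demo
```

Two things in the script matter for the question's scenario. The two `ca` lists are different: the server's `ca` holds only the CA that signs client certificates, while the client's `ca` holds only the CA that signed the server certificate, and a client that trusts the wrong issuer fails the handshake on its side before any request is made. And because the server runs with `rejectUnauthorized: false`, an unauthenticated client is not refused; the request handler has to read `socket.authorized` and treat the connection accordingly, so the third client above is answered with `unauthorized:anonymous` rather than being cut off.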
