我如何知道从我的 node.js 接收 TLS 请求的 HTTPS 端点正在使用指定的 SSL 证书? [英] How can I know that a HTTPS endpoint receiving a TLS request from my node.js is using a specified SSL certificate?

问题描述

我有一个端点(使用任何语言，比如说 Python)，它使用由任何广为人知且受信任的 CA 颁发的证书将某些服务公开为 HTTPS，即可能包含在世界上几乎所有浏览器中.

I have an endpoint (in any language, let's say Python) that exposes some service as HTTPS using a certificate issued by any widely known and trusted CA, that is probably included in virtually any browser in the world.

最简单的部分是，我可以使用 Node.js 向该端点发出 TLS 请求，不会再有任何问题.

The easiest part is that I can issue TLS requests against this endpoint using Node.js with no further problems.

出于安全原因，我想检查每次我的 Node.js 针对此 HTTPS 端点发出 TLS 请求时，我想确保所使用的证书是我信任的证书，并且是我信任的证书是我公司要求的.

For security reasons, I would like to check that every time my Node.js issues a TLS request against this HTTPS endpoint, I want to make sure that the certificate being used, is the certificate that I trust, and the one that was requested by my company.

实现这一目标的最佳方法是什么?

What is the best way to accomplish that?

推荐答案

这听起来像是 如何使用node.js获取SSL证书信息?适合你的需求.

It sounds like the answer at How to get SSL certificate information using node.js? would be suitable for your needs.

您可以使用以下代码获取端点的证书，然后根据您的预期检查其指纹或哈希值.

You can use the following code to get your endpoint's certificate then check its fingerprint or hash against what you expect.

var https = require('https');
var options = {
    host: 'google.com',
    port: 443,
    method: 'GET'
};

var req = https.request(options, function(res) {
    console.log(res.connection.getPeerCertificate());
});

req.end();

这篇关于我如何知道从我的 node.js 接收 TLS 请求的 HTTPS 端点正在使用指定的 SSL 证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！