-
Type: Investigation
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: Connectivity, Tech debt
-
None
-
5
-
Iteration Utica, Iteration Versailles, Iteration Wolverhampton
-
Needed
-
notes
https://www.npmjs.com/package/ssl-root-cas
node-windows-root-certs
https://www.npmjs.com/package/node-windows-root-certs
Enables use of Windows root certificates in nodejs directly, without environment settings or certificate files.
Tested on node 12.10.0
Uses for this module:
In a coporate envionment
If they have a WAF (Web Application Firewall - a man in the middle), the root certificate for the WAF is often installed as a certificate in Windows. NodeJS has now access to this certifcate, and so nodeJS based applications will fail without special measures.You need to https or tls to a server with a self signed certificate
Enables the root certificate for your server to be added, either by adding in Windows, or manually.I tried but failed to get this to work in test.js with badssl.com
For 'Older' versions of NodeJS
If the certificates inside NodeJS expire, the application will stop working....What it does
This module provides two features:1. reading of the Windows root certificates
A function is provided to read the Windows Root certifcates returning an array similar to node's own rootcertificates array.2. patching tls
A function is provided which will patch the tls module such that all HTTPS or other tls based secure communication will use the provided certificates - either a complete certificate list or, a list additional to the internal nodeJS list.Note: if tls is patched AFTER a successful connection to a site, then it's likely that the new/modified certificates will not be used for a subsequent connection, as the connection itself may be cached.
win-ca
https://www.npmjs.com/package/win-ca
Node uses a statically compiled, manually updated, hardcoded list of certificate authorities, rather than relying on the system's trust store... Read more
It's somewhat non-intuitive under any OS, but Windows differs from most of them
by having its own trust store, fully incompatible with [OpenSSL|ttps://github.com/ukoloff/openssl-win-root].
This package is intended to fetch Root CAs from Windows' store (Trusted Root Certification Authorities) and make them available to Node.js application with minimal efforts.
- is cloned by
-
MONGOSH-1133 Support non-standard root ca for SSL
- Closed
- is related to
-
MONGOSH-1054 --authenticationDatabase not overriding authSource in connection uri
- Closed