@small-tech/syswide-cas
Version:
Fork of syswide-cas by a now-defunct company called Capriza. Enable node to use system wide certificate authorities in conjunction with the bundled root CAs.
85 lines (52 loc) β’ 3.26 kB
Markdown
# -tech/syswide-cas
___Note: this is a fork of the original module being maintained by [Aral Balkan](https://ar.al) of [Small Technology Foundation](https://small-tech.org) as the original company seems to have gone out of business.___
Enables Node.js to use custom Certificate Authorities (CAs) _alongside_ the bundled root CAs.
Until version 7, Node did not support system-wide installed trusted CAs. You could only specify a custom CA via the `ca` option in the `tls` and `https` modules or fallback to using the bundled list of root CAs Node is compiled with.
Starting with version 7, itβs possible to set the `NODE_EXTRA_CA_CERTS` environment variable to a single file containing an additional root CA to trust, however it still does not allow programmatic addition of several directories and files containing root CAs.
This module enables custom CAs to be used _alongside_ the root CAs bundled with Node.
> π‘ syswide-cas will automatically load root CAs from the file `/etc/ssl/ca-node.pem` if it exists.
## Install
```
npm i -tech/syswide-cas
```
## Use
> π‘ Import `-tech/syswide-cas` before any TLS calls if you use dynamic imports.
```javascript
// Importing syswide-cas automatically loads Certificate Authorities (CAs) from the file _/etc/ssl/ca-node.pem_ if it exists
import syswideCas from '-tech/syswide-cas'
// Optionally, load all files from a custom directory.
syswideCas.addCAs('/my/custom/path/to/certs/dir')
// Or multiple directories.
syswideCas.addCAs(['/my/custom/path/to/certs/dir1', '/my/other/path/to/certs/dir2'])
// Optionally, load a file directly.
syswideCas.addCAs('/my/custom/path/to/cert.pem')
// Or multiple files.
syswideCas.addCAs(['/my/custom/path/to/cert1.pem', '/my/other/path/to/cert2.pem'])
import https from 'node:https'
https.get('https://my.custom.domain.com/with/self/signed/cert')
```
## Test
```js
npm -s test
```
### Tests failing? Read this!
If you get the following error when running the tests:
```
β FAIL: page with self-signed certificate loads with syswide-cas
```
Itβs possible that the Root Certificate Authority has changed on [badssl.com](https://badssl.com).
We use https://self-signed.badssl.com/ for the tests and its Certificate Authority (in PEM format) can be found in _/tests/fixtures/self-signed.badssl.com_.
To update the fixture:
1. In Chromium, visit https://self-signed.badssl.com/
2. Click on the ββ Not Secureβ button in the address bar.
3. Select βCertificate detailsβ
4. Navigate to the Details tab
5. Click the βExportβ¦β button
6. Under βFormatβ choose βBase64-encoded ASCII, single certificate and save it on top of _/tests/fixtures/self-signed.badssl.com_.
Ensure that the certificate has changed by doing a `git diff` and, if so, run the tests again and they should pass.
Please [open an issue](https://codeberg.org/small-tech/syswide-cas/issues) to let us know the BadSSL certificate has changed and, if you can, please [open a pull request](https://codeberg.org/small-tech/syswide-cas/pulls) to resolve it using the new certificate.
Thanks!
## License
Copyright 2021-present Aral Balkan, Small Technology Foundation.
Copyright 2016 Capriza.
Code released under the [MIT license](LICENSE.md)