Nodejs request to a web service with .p12 certificate

uglycode picture uglycode · Oct 23, 2017 · Viewed 11.7k times · Source

So, the title is pretty straightforward. I want to consume a web service from a company and I got .cer and .p12 files. Supposedly, I should use .p12 when making a request. I've imported .cer into windows and I can make requests with postman easily. But when I'm trying to do a request with node.js, I get errors. Here's the code, I'm using request module:

var headersOpt = {
    "content-type": "application/json",
};

var options = {
    url: 'https://some-url/api',
    cert: fs.readFileSync(__dirname + '/certs/myCert.p12'),
    headers: headersOpt
};

request.get(options, (error, response, body) => {
    console.log(error);
    console.log(response);
    console.log(body);
});

I get this error:

{ Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
    at Object.createSecureContext (_tls_common.js:89:17)
    at Object.exports.connect (_tls_wrap.js:1048:48)
    at Agent.createConnection (https.js:111:22)
    at Agent.createSocket (_http_agent.js:224:26)
    at Agent.addRequest (_http_agent.js:192:10)
    at new ClientRequest (_http_client.js:256:16)
    at Object.request (http.js:39:10)
    at Object.request (https.js:239:15)
    at Request.start (D:\parser\node_modules\request\request.js:748:32)
    at Request.end (D:\parser\node_modules\request\request.js:1512:10)
  opensslErrorStack:
   [ 'error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib' ] }

Answer

Bertrand Martel picture Bertrand Martel · Oct 23, 2017

Use pfx property in agentOptions for pkcs12 format :

'use strict';

const request = require('request');
const fs = require('fs');

var options = {
    url: 'https://some-url/api',
    headers: {
        "content-type": "application/json",
    },
    agentOptions: {
        pfx: fs.readFileSync(__dirname + '/certs/myCert.p12'),
        passphrase: ''
    }
};

request.get(options, (error, response, body) => {
    console.log(error);
    console.log(response);
    console.log(body);
});

If your certificate is self signed, check this