How do you use client certificates when making an HTTPS call from node.js with Apigee Edge?

Following the examples, I've written my JS code, and running on my laptop it works fine: the HTTPS call is made using client certificate authentication. Running on Apigee, though, I can't get it working; it just fails with the following exception: "io.apigee.trireme.core.internal.CryptoException: Input data does not contain a key pair".

Below are the options I'm passing to https.request():

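    var fs = require('fs');

    var options = {
        hostname: 'www.myhost.com',
        port: 443,
        path: '/service/url',
        // PEM-encoded, passphrase-protected private key and client certificate
        key: fs.readFileSync(__dirname + '/certs/APIGEE-client-privkey.pem', 'utf-8'),
        passphrase: 'password',
        cert: fs.readFileSync(__dirname + '/certs/APIGEE-client.cer', 'utf-8'),
        method: 'POST',
        // false disables verification of the server's certificate
        rejectUnauthorized: false,
        headers: {
            'Content-Type': 'application/xml',
            // requestData is the XML request body, defined elsewhere
            'Content-Length': requestData.length
        }
    };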

Presumably, running in Apigee Edge uses a different crypto library. Does anybody have this working? If so, how do you read in the files so they will be accepted?

Thanks

1 ACCEPTED SOLUTION

Just had the idea of changing the format of the files as I noticed that the node tls library also accepts pfx files. So I converted the files:

    openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt

Using the pfx format seems to work ok.
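
The conversion above carried into the request options, as an added example that is not part of the original post: the .pfx bundle is read as raw bytes (no 'utf-8' encoding) and passed as `pfx` in place of `key` and `cert`. The function names, the optional CA file and the file paths are assumptions for illustration; host and path are those from the question.

```javascript
var fs = require('fs');
var https = require('https');

// Read the bundle as raw bytes: an encoding such as 'utf-8' would corrupt
// the binary DER data that `openssl pkcs12 -export` writes.
function loadPfx(pfxPath) {
    var pfx = fs.readFileSync(pfxPath);
    // PKCS#12 is DER and starts with an ASN.1 SEQUENCE tag (0x30); PEM text
    // starts with "-----BEGIN", i.e. the file was never converted.
    if (pfx.length === 0 || pfx[0] !== 0x30) {
        throw new Error(pfxPath + ' is not a DER-encoded PKCS#12 bundle');
    }
    return pfx;
}

// Build https.request() options with `pfx` replacing `key` and `cert`.
// caPath (assumed, optional) names a PEM CA file used to verify the server.
function buildOptions(pfxPath, passphrase, body, caPath) {
    var options = {
        hostname: 'www.myhost.com',
        port: 443,
        path: '/service/url',
        method: 'POST',
        pfx: loadPfx(pfxPath),
        passphrase: passphrase, // export password set during the conversion
        headers: {
            'Content-Type': 'application/xml',
            'Content-Length': Buffer.byteLength(body) // bytes, not characters
        }
    };
    if (caPath) {
        options.ca = fs.readFileSync(caPath);
    }
    return options;
}

// Send the body and hand status code and response text to the callback.
function send(options, body, callback) {
    var req = https.request(options, function (res) {
        var chunks = [];
        res.on('data', function (chunk) { chunks.push(chunk); });
        res.on('end', function () {
            callback(null, res.statusCode, Buffer.concat(chunks).toString());
        });
    });
    req.on('error', callback);
    req.end(body);
}
```

Supplying `caPath` for a privately issued server certificate lets the call work without setting `rejectUnauthorized: false`.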

5 REPLIES

I had the same problem earlier - not sure if it's resolved.

Try running your script using trireme on your machine; if it works there, it should work in Edge. That's the runtime we use in Edge.

https://github.com/apigee/trireme

Thanks. Just tried that and it produces the same error. So does that mean it's a bug? Is there any way to actually load the client certificate/key?

I think the crypto library used by trireme has the bug. Unfortunately, I have not been successful in loading certs/key in nodejs. I have also reported this as a bug.

Oh cool! Thanks Dave, I will give it a try with my code.