Open Documentation Menu

Calling up an interface with your own certification authority in a script

Many on-premises environments have their own certification authority (CA) for signing server certificates. Often, these CAs are not signed by a trustworthy party, with the result that the NodeJS execution environment does not trust these certificates. This leads to no REST queries being able to be sent towards these systems from the scripting app.

For the execution of REST queries, you must import the public part of the CA certificate in PEM format. Since the certificates are often already saved by Windows in the certificate store, you can export the public part of the certificate from the certificate store.

Note

The certificate must be in PEM format. Export the certificate with the format “Base-64 encoded X509” or convert the certificate by openSSL. You can then use the file or the content of the file as a string in the script.

You have two options to include self-signed certificates:

Option 1 

You can globally integrate your own certificates in the NodeJS execution environment. Use the system environment variable NODE_EXTRA_CA_CERTS=<path to PEM file> and restart the d.velop process manager.

Option 2 

Add the dependency undici to your script. You can then load the certificate from the hard disk. Alternatively, you can enter the certificate string in the script and add it to the Agent object as the CA:

//Load undici agent and get dispatch function setter
const { Agent, setGlobalDispatcher } = require('undici')
module.exports = async (req, res) => {
        //Read cert file from filesystem
    const fs = require('fs');
    const certString = fs.readFileSync("C:\\certs\\test.pem", 'utf8')
        //Create a new agent using the loaded cert string as ca
    const agent = new Agent({
    connect: {
        ca:  certString
     }
    })
        //Set global dispatcher function
    setGlobalDispatcher(agent)
        //All regular fetch calls will now use the new agent
    const response = await fetch("https://my.secured.host/scripting", {
        // Adding method type
        method: "GET",
        // Adding headers to the request
        headers: {
            "Accept": "application/json"
        },
    })
    if(!response.ok) {
        console.log("Response was not ok")
    }
    const result = await response.json();
    console.log("Response from fetch", result)
    res.status(200).set("Content-Type", "text/plain").send(result);
}