win-ca

Get Windows System Root certificates for [Node.js][].

Rationale

In Node.js, HTTPS requests are validated against a built-in list of Certification Authorities.

Node uses a [statically compiled, manually updated, hardcoded list][node.pem] of certificate authorities, rather than relying on the system's trust store... [Read more][node/4175]

Accessing a website with a self-signed certificate, or accessing any website through a Proxy which performs HTTPS decryption and inspection (almost any corporate environment) will result in an SSL error: Error: self signed certificate in certificate chain, and there is no easy way to ignore this error whithout disabling SSL validation completely.

This package is intended to get Root CAs from Windows' store and make them available to [Node.js] https requests.

Usage

npm install --save system-ca-win32.

const fetch = require("node-fetch");
const HttpsProxyAgent = require("https-proxy-agent"); // example when using an ssl-inspecting proxy

const ca = require('system-ca-win32');

const options = url.parse("http://10.10.10.132:8080");
options.ca = ca;

fetch("https://www.google.com", {
  agent: new HttpsProxyAgent(options),
})
  .then(body => {
    return console.log("Done: ", body.status);
  })
  .catch(e => {
    return console.error(e);
  });

API

const ca = require('system-ca-win32');

ca will contain an Agent-compatible list of Certification Authorities, which can be directly assigned to options.ca when constructing a new Agent.

Only a synchronous implementation is provided currently. The default behavior is to cache the result of the first call, and always respond with a cached result. You can call ca.clearCache() to clear this cache.

Credits

Based on win-ca-ffi.

Uses node-forge and node-ffi.