Creating a TLS client is almost exactly like creating a socket client, as discussed earlier in this chapter. The only difference is that there are additional options, shown in Table 8.8, that allow you to specify the security for the client. The most important options are key, cert, and ca.
The key option specifies the private key used for SSL. The cert value specifies the X.509 certificate, which carries the public key, to use. If you are using a self-signed certificate, you need to point the ca property at the certificate for the server:
    var fs = require('fs');

    var options = {
      key: fs.readFileSync('test/keys/client.pem'),   // client private key
      cert: fs.readFileSync('test/keys/client.crt'),  // client certificate
      ca: fs.readFileSync('test/keys/server.crt')     // trusted server certificate
    };
Once you have defined the options with the cert, key, and ca settings, you can call tls.connect(options, [responseCallback]), and it will work exactly the same as the net.connect() call. The only difference is that the data between the client and server is encrypted:
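    var tls = require('tls');
    var fs = require('fs');

    var options = {
      host: 'encrypted.mysite.com',  // tls.connect() reads host, not hostname
      port: 8108,
      key: fs.readFileSync('test/keys/client.pem'),   // client private key
      cert: fs.readFileSync('test/keys/client.crt'),  // client certificate
      ca: fs.readFileSync('test/keys/server.crt')     // trusted server certificate
    };
    // The callback runs once the TLS handshake has completed.
    var client = tls.connect(options, function() {
      // handle the connection the same as a net.connect() connection
    });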
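The following is an added example, not code from the book: a pre-flight check that inspects the key, cert, and ca values before they reach tls.connect(), catching swapped files and the common self-signed workaround of setting rejectUnauthorized to false instead of supplying ca. The function names and the sample PEM strings are assumptions made for illustration, and the check assumes a client that presents its own certificate, as in the options above.

```javascript
var tls = require('tls');

// Return the PEM block label ("CERTIFICATE", "PRIVATE KEY", ...) or null.
function pemLabel(data) {
  var m = /-----BEGIN ([A-Z0-9 ]+)-----/.exec(String(data || ''));
  return m ? m[1] : null;
}

// Check tls.connect() options for mistakes that silently weaken the client.
// (Hypothetical helper, not part of the tls module.)
function auditClientOptions(options) {
  var findings = [];
  var keyLabel = pemLabel(options.key);
  if (!keyLabel || !/PRIVATE KEY$/.test(keyLabel)) {
    findings.push('key is not a PEM private key');
  }
  if (pemLabel(options.cert) !== 'CERTIFICATE') {
    findings.push('cert is not a PEM certificate');
  }
  if (options.ca !== undefined && pemLabel(options.ca) !== 'CERTIFICATE') {
    findings.push('ca is not a PEM certificate');
  }
  if (options.rejectUnauthorized === false) {
    findings.push('rejectUnauthorized is false: server certificate is not verified');
  }
  if (!options.host) {
    findings.push('host is missing: tls.connect() defaults to localhost');
  }
  return findings;
}

// Refuse to connect if the audit finds anything; otherwise connect as usual.
function connectChecked(options, onSecure) {
  var findings = auditClientOptions(options);
  if (findings.length > 0) {
    throw new Error('unsafe TLS client options: ' + findings.join('; '));
  }
  return tls.connect(options, onSecure);
}

// Constructed sample PEM text (labels only, not real key material).
var SAMPLE_KEY = '-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n';
var SAMPLE_CERT = '-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n';
```

With real files, pass the same fs.readFileSync() buffers shown above; the check reads only the PEM header line of each value.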