2
votes

I have established a private Cloud Integration>Basic Secure Connection, but then to use/access it I have to use mutual TLS in my node.js application (which is also on BlueMix).
I have seen this post: https://developer.ibm.com/bluemix/2015/04/17/securing-destinations-tls-bluemix-secure-gateway/ which describes a way to use the private Secure Connection.

But what I am trying to do is to send an HTTPS request to the Secure Connection, so that it goes to my backend. In node.js, I have an HTTP server which handles user actions, and I am using the following code to make the HTTPS request:

var https = require('https');
var fs = require('fs');
var options = {
    host: cloud_ip,
    port: cloud_port,
    path: '/path_to_resource',
    method: 'POST',
    // client certificate and private key presented for mutual TLS
    cert: fs.readFileSync('<endpoint>-basic-client-cert.pem'),
    key: fs.readFileSync('<endpoint>-basic-private-key'),
    // CA used to verify the endpoint's certificate
    ca: fs.readFileSync('DigiCertCA2.pem'),
    agent: false
};
// callback is defined elsewhere in the application
var req = https.request(options, callback);
req.on('error', function(e) {
    io.emit('message', 'Error: ' + JSON.stringify(e));
});
req.end();

And I get no response from my backend. I tried to monitor what is happening with Wireshark (locally), and it seems that the connection is refused/denied. I don't really know what I should do with the different certificates downloaded from BlueMix. I would really appreciate it if someone could help.

2
Where is callback defined? You also don't have req.on("data") either. - Jeff Sloyer
@Jeff Sloyer: sorry, I removed the callback because it wasn't relevant for this question. The callback is defined after my options variable, and does the req.on('data') and prints something on the screen. - Rick

2 Answers

2
votes

Cloud Integration does not currently support Mutual TLS to a backend that also uses TLS or HTTPS. You'll need to allow access to your app via HTTP in order for the Cloud Integration Mutual TLS to function correctly.

Once you do this, you should see connections hit your backend.

0
votes

The blog post you linked is for Secure Gateway, but it sounds like you are using the Cloud Integration service. If you have already successfully created and connected your basic connector and created your private endpoint, the node.js script below should allow you to do a get request to your server.

var https = require('https');
var fs = require('fs');
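var options = {
    host: '<ip on cloud integration endpoint>',
    port: '<port given by cloud integration on endpoint>',
    path: '/pathToApi',
    method: 'GET',
    // client certificate and private key presented for mutual TLS
    cert: fs.readFileSync('myCertfile.pem'),
    key: fs.readFileSync('myKeyFile'),
    agent: false,
    // the endpoint's certificate is not verified with this setting
    rejectUnauthorized: false
};
var req = https.request(options, function(res){
    res.on('data', function(d){
        process.stdout.write(d);
    });
});
// without an 'error' listener a failed connection throws an unhandled error
req.on('error', function(e){
    console.error(e.message);
});
req.end();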
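
The same request with verification of the endpoint certificate kept on (`ca` supplied, `rejectUnauthorized: true`) and failures sorted into network versus TLS causes, as an added example that is not part of the question or either answer. The function names and the `servername` parameter are hypothetical; the script assumes the endpoint certificate names a DNS host and is not specific to Cloud Integration.

```javascript
// Added example, not code from the question or answers.
const https = require('https');

// Build https.request options for mutual TLS with server verification kept on.
// `servername` is an assumption: the DNS name in the endpoint certificate, used
// when `host` is an IP address that the certificate does not list as a SAN.
function buildMutualTlsOptions({ host, port, path, method = 'GET', cert, key, ca, servername }) {
  const pem = (v) => String(v || '');
  if (!/-----BEGIN CERTIFICATE-----/.test(pem(cert))) throw new Error('cert: not a PEM certificate');
  if (!/-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/.test(pem(key))) throw new Error('key: not a PEM private key');
  if (!/-----BEGIN CERTIFICATE-----/.test(pem(ca))) throw new Error('ca: not a PEM CA certificate');
  const options = { host, port, path, method, cert, key, ca, agent: false, rejectUnauthorized: true };
  if (servername) options.servername = servername; // name checked against the certificate
  return options;
}

// Separate "never reached the endpoint" from "TLS verification or handshake failed".
function classifyError(err) {
  const code = (err && err.code) || '';
  const message = (err && err.message) || '';
  if (['ECONNREFUSED', 'ETIMEDOUT', 'EHOSTUNREACH', 'ENOTFOUND'].includes(code)) return 'network';
  if (code === 'ERR_TLS_CERT_ALTNAME_INVALID') return 'server-name-mismatch';
  if (['DEPTH_ZERO_SELF_SIGNED_CERT', 'SELF_SIGNED_CERT_IN_CHAIN', 'CERT_HAS_EXPIRED',
    'UNABLE_TO_VERIFY_LEAF_SIGNATURE', 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'].includes(code)) {
    return 'server-cert-untrusted'; // fix the `ca` file rather than disabling verification
  }
  if (/alert|handshake/i.test(message)) return 'handshake-rejected'; // e.g. client cert refused
  return 'other';
}

// Send the request; resolves with status and body, rejects with a classified error.
function mutualTlsRequest(options, body) {
  return new Promise((resolve, reject) => {
    const req = https.request(options, (res) => {
      const chunks = [];
      res.on('data', (d) => chunks.push(d));
      res.on('end', () => resolve({ status: res.statusCode, body: Buffer.concat(chunks).toString() }));
    });
    // Error.message is non-enumerable, so JSON.stringify(err) drops it; report it explicitly.
    req.on('error', (err) => reject({ kind: classifyError(err), code: err.code, message: err.message }));
    req.end(body);
  });
}
```

A `network` result means the TCP connection never reached the endpoint, so certificates are not yet the issue; the other kinds point at the `ca` file, the name the certificate was issued for, or the client certificate and key.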