feat(ssl): supporting a certificate authority bundle file for the sec…

…ured SSL configuration (#1342)
meanjs · Jun 7, 2016 · c364922 · c364922
1 parent fde27f0
commit c364922
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/config/env/production.js b/config/env/production.js
@@ -4,7 +4,8 @@ module.exports = {
   secure: {
     ssl: true,
     privateKey: './config/sslcerts/key.pem',
-    certificate: './config/sslcerts/cert.pem'
+    certificate: './config/sslcerts/cert.pem',
+    caBundle: './config/sslcerts/cabundle.crt'
   },
   port: process.env.PORT || 8443,
   // Binding to 127.0.0.1 is safer in production.

diff --git a/config/lib/socket.io.js b/config/lib/socket.io.js
@@ -19,9 +19,18 @@ module.exports = function (app, db) {
     // Load SSL key and certificate
     var privateKey = fs.readFileSync(path.resolve(config.secure.privateKey), 'utf8');
     var certificate = fs.readFileSync(path.resolve(config.secure.certificate), 'utf8');
+    var caBundle;
+
+    try {
+      caBundle = fs.readFileSync(path.resolve(config.secure.caBundle), 'utf8');
+    } catch (err) {
+      console.log('Warning: couldn\'t find or read caBundle file');
+    }
+
     var options = {
       key: privateKey,
       cert: certificate,
+      ca: caBundle,
       //  requestCert : true,
       //  rejectUnauthorized : true,
       secureProtocol: 'TLSv1_method',