This example builds on the basic scenario and adds:
- The client checks a static hostname (FQDN) string against the server certificate Subject CN or Subject Alt Names.
- The server checks a static hostname (FQDN) string against the client certificate.
First, run the server with `node server.js`.
Second, run the client with `node client.js`.
The output should be a TLS handshake failure: the client rejects the server because its certificate does not match the expected hostname.
Change the following code in client.js:

```js
//const err = tls.checkServerIdentity("www.demoservers.co.nz", cert);
const err = tls.checkServerIdentity("incorrect.url.co.nz", cert);
```

to look like the following:

```js
const err = tls.checkServerIdentity("www.demoservers.co.nz", cert);
//const err = tls.checkServerIdentity("incorrect.url.co.nz", cert);
```
Save your change and re-run the client. You should now get a different error: an HTTP 401 from the server.
The last step is to update the server to accept the client subject CN. Change the following in server.js:

```js
const clientCN = "incorrect.demo.co.nz"
//const clientCN = 'client.demo.co.nz';
```

to look like:

```js
//const clientCN = "incorrect.demo.co.nz"
const clientCN = 'client.demo.co.nz';
```
Save your change and restart the server, then re-run the client. Everything should now work as expected, and an HTTP 200 is returned to the client.
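The three stages of this walkthrough can be reproduced offline with the sketch below. It is an added example, not the repository's client.js or server.js: the certificate objects are constructed by hand in the shape `getPeerCertificate()` returns, and `serverNameError`, `statusForClient` and `runStage` are hypothetical helper names. It also shows a case the walkthrough does not cover: once a certificate carries DNS Subject Alt Names, `tls.checkServerIdentity` ignores the Subject CN.

```javascript
const tls = require('tls');

// Constructed certificate objects (assumed contents, same shape as
// tlsSocket.getPeerCertificate() output). Not the demo's real certificates.
const serverCert = {
  subject: { CN: 'www.demoservers.co.nz' },
  subjectaltname: 'DNS:www.demoservers.co.nz',
};
const clientCert = { subject: { CN: 'client.demo.co.nz' } };

// Client side: undefined when the expected name matches, an Error otherwise.
function serverNameError(expectedHost, cert) {
  return tls.checkServerIdentity(expectedHost, cert);
}

// Server side (hypothetical helper): exact, case-sensitive match of the
// client Subject CN against a static string, mapped to an HTTP status.
function statusForClient(cert, expectedCN) {
  const cn = cert && cert.subject ? cert.subject.CN : undefined;
  return typeof cn === 'string' && cn === expectedCN ? 200 : 401;
}

// One stage of the walkthrough: the client check runs first, and the
// server-side CN check only matters if the handshake was accepted.
function runStage(expectedHost, expectedClientCN) {
  const err = serverNameError(expectedHost, serverCert);
  if (err) return `handshake rejected: ${err.code}`;
  return `HTTP ${statusForClient(clientCert, expectedClientCN)}`;
}

console.log(runStage('incorrect.url.co.nz', 'incorrect.demo.co.nz'));
console.log(runStage('www.demoservers.co.nz', 'incorrect.demo.co.nz'));
console.log(runStage('www.demoservers.co.nz', 'client.demo.co.nz'));

// Caveat: with a DNS SAN present, the CN is not consulted, so a name that
// appears only in the Subject CN is rejected.
const cnNotInSan = {
  subject: { CN: 'www.demoservers.co.nz' },
  subjectaltname: 'DNS:other.demoservers.co.nz',
};
console.log(serverNameError('www.demoservers.co.nz', cnNotInSan).code);
```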