Creating a TLS Socket Client

Creating a TLS client is almost exactly like creating a socket client, as discussed earlier in this chapter. The only difference is that there are additional options, shown in Table 8.8, that allow you to specify the security for the client. The most important options are key, cert, and ca.


Table 8.8 Additional options for tls.connect()

The key option specifies the client's private key used for SSL. The cert value specifies the client's X.509 certificate, which carries the matching public key. If you are using a self-signed certificate, you need to point the ca property at the certificate for the server so that the client trusts it:

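var fs = require('fs');

var options = {
  key: fs.readFileSync('test/keys/client.pem'),   // client private key
  cert: fs.readFileSync('test/keys/client.crt'),  // client X.509 certificate
  ca: fs.readFileSync('test/keys/server.crt')     // server certificate to trust
};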

Once you have defined the options with the cert, key, and ca settings, you can call tls.connect(options, [responseCallback]), and it will work exactly the same as the net.connect() call. The only difference is that the data between the client and server is encrypted:

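var fs = require('fs');
var tls = require('tls');

var options = {
  host: 'encrypted.mysite.com',  // tls.connect() reads host, not hostname
  port: 8108,
  key: fs.readFileSync('test/keys/client.pem'),
  cert: fs.readFileSync('test/keys/client.crt'),
  ca: fs.readFileSync('test/keys/server.crt')
};
// tls.connect() returns the TLS socket; the callback takes no arguments and
// runs once the secure connection has been established.
var client = tls.connect(options, function() {
  // Handle the connection the same as a net.connect() socket,
  // for example with client.write() and client.on('data', ...).
});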
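As an added example (not code from the book), the hypothetical helpers auditClientOptions() and connectVerified() below check a tls.connect() options object for mistakes that silently weaken or break the key, cert, and ca configuration described above. It assumes the three values are PEM strings or Buffers; rejectUnauthorized is a standard tls.connect() option that does not appear in the listings above.

```javascript
const tls = require('tls');

// Return the label of the first PEM block, e.g. "CERTIFICATE" or "RSA PRIVATE KEY".
function pemLabel(value) {
  const m = /-----BEGIN ([A-Z0-9 ]+)-----/.exec(String(value || ''));
  return m ? m[1] : null;
}

// Hypothetical helper: list the problems in a tls.connect() options object.
function auditClientOptions(options) {
  const findings = [];
  if (options.hostname && !options.host) {
    findings.push('hostname is ignored by tls.connect(); use host');
  }
  if (options.rejectUnauthorized === false) {
    findings.push('rejectUnauthorized=false disables server certificate verification');
  }
  if (Boolean(options.key) !== Boolean(options.cert)) {
    findings.push('key and cert must be supplied together');
  }
  if (options.key && !/PRIVATE KEY$/.test(pemLabel(options.key) || '')) {
    findings.push('key is not a PEM private key');
  }
  for (const name of ['cert', 'ca']) {
    if (options[name] && pemLabel(options[name]) !== 'CERTIFICATE') {
      findings.push(name + ' is not a PEM certificate');
    }
  }
  return findings;
}

// Hypothetical wrapper: refuse to connect with a flawed configuration.
function connectVerified(options, onSecure) {
  const findings = auditClientOptions(options);
  if (findings.length > 0) {
    throw new Error('unsafe TLS client options: ' + findings.join('; '));
  }
  const socket = tls.connect(options, function () {
    // With verification left on, this only runs after the server's
    // certificate chained to options.ca (or to the default roots).
    onSecure(socket);
  });
  return socket;
}

// Constructed sample: a placeholder PEM and a client that used hostname by mistake.
const SAMPLE_CERT = '-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----';
console.log(auditClientOptions({ hostname: 'encrypted.mysite.com', port: 8108, ca: SAMPLE_CERT }));
```

Attach an 'error' listener to the socket that connectVerified() returns, because a failed certificate check is reported there rather than through the callback.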
