<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <title>HTTPS | Node.js v10.24.1 Documentation</title> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato:400,700,400italic"> <link rel="stylesheet" href="assets/style.css"> <link rel="stylesheet" href="assets/sh.css"> <link rel="canonical" href="https://nodejs.org/api/https.html"> </head> <body class="alt apidoc" id="api-section-https"> <div id="content" class="clearfix"> <div id="column2" class="interior"> <div id="intro" class="interior"> <a href="/" title="Go back to the home page"> Node.js </a> </div> <ul> <li><a href="documentation.html" class="nav-documentation">About these Docs</a></li> <li><a href="synopsis.html" class="nav-synopsis">Usage & Example</a></li> </ul> <div class="line"></div> <ul> <li><a href="assert.html" class="nav-assert">Assertion Testing</a></li> <li><a href="async_hooks.html" class="nav-async_hooks">Async Hooks</a></li> <li><a href="buffer.html" class="nav-buffer">Buffer</a></li> <li><a href="addons.html" class="nav-addons">C++ Addons</a></li> <li><a href="n-api.html" class="nav-n-api">C/C++ Addons - N-API</a></li> <li><a href="child_process.html" class="nav-child_process">Child Processes</a></li> <li><a href="cluster.html" class="nav-cluster">Cluster</a></li> <li><a href="cli.html" class="nav-cli">Command Line Options</a></li> <li><a href="console.html" class="nav-console">Console</a></li> <li><a href="crypto.html" class="nav-crypto">Crypto</a></li> <li><a href="debugger.html" class="nav-debugger">Debugger</a></li> <li><a href="deprecations.html" class="nav-deprecations">Deprecated APIs</a></li> <li><a href="dns.html" class="nav-dns">DNS</a></li> <li><a href="domain.html" class="nav-domain">Domain</a></li> <li><a href="esm.html" class="nav-esm">ECMAScript Modules</a></li> <li><a href="errors.html" class="nav-errors">Errors</a></li> <li><a href="events.html" class="nav-events">Events</a></li> <li><a 
href="fs.html" class="nav-fs">File System</a></li> <li><a href="globals.html" class="nav-globals">Globals</a></li> <li><a href="http.html" class="nav-http">HTTP</a></li> <li><a href="http2.html" class="nav-http2">HTTP/2</a></li> <li><a href="https.html" class="nav-https active">HTTPS</a></li> <li><a href="inspector.html" class="nav-inspector">Inspector</a></li> <li><a href="intl.html" class="nav-intl">Internationalization</a></li> <li><a href="modules.html" class="nav-modules">Modules</a></li> <li><a href="net.html" class="nav-net">Net</a></li> <li><a href="os.html" class="nav-os">OS</a></li> <li><a href="path.html" class="nav-path">Path</a></li> <li><a href="perf_hooks.html" class="nav-perf_hooks">Performance Hooks</a></li> <li><a href="process.html" class="nav-process">Process</a></li> <li><a href="punycode.html" class="nav-punycode">Punycode</a></li> <li><a href="querystring.html" class="nav-querystring">Query Strings</a></li> <li><a href="readline.html" class="nav-readline">Readline</a></li> <li><a href="repl.html" class="nav-repl">REPL</a></li> <li><a href="stream.html" class="nav-stream">Stream</a></li> <li><a href="string_decoder.html" class="nav-string_decoder">String Decoder</a></li> <li><a href="timers.html" class="nav-timers">Timers</a></li> <li><a href="tls.html" class="nav-tls">TLS/SSL</a></li> <li><a href="tracing.html" class="nav-tracing">Trace Events</a></li> <li><a href="tty.html" class="nav-tty">TTY</a></li> <li><a href="dgram.html" class="nav-dgram">UDP/Datagram</a></li> <li><a href="url.html" class="nav-url">URL</a></li> <li><a href="util.html" class="nav-util">Utilities</a></li> <li><a href="v8.html" class="nav-v8">V8</a></li> <li><a href="vm.html" class="nav-vm">VM</a></li> <li><a href="worker_threads.html" class="nav-worker_threads">Worker Threads</a></li> <li><a href="zlib.html" class="nav-zlib">Zlib</a></li> </ul> <div class="line"></div> <ul> <li><a href="https://github.com/nodejs/node" class="nav-https-github-com-nodejs-node">GitHub Repo 
& Issue Tracker</a></li> </ul> </div> <div id="column1" data-id="https" class="interior"> <header> <h1>Node.js v10.24.1 Documentation</h1> <div id="gtoc"> <ul> <li> <a href="index.html" name="toc">Index</a> </li> <li> <a href="all.html">View on single page</a> </li> <li> <a href="https.json">View as JSON</a> </li> <li class="version-picker"> <a href="#">View another version <span>▼</span></a> <ol class="version-picker"><li><a href="https://nodejs.org/docs/latest-v15.x/api/https.html">15.x</a></li> <li><a href="https://nodejs.org/docs/latest-v14.x/api/https.html">14.x <b>LTS</b></a></li> <li><a href="https://nodejs.org/docs/latest-v13.x/api/https.html">13.x</a></li> <li><a href="https://nodejs.org/docs/latest-v12.x/api/https.html">12.x <b>LTS</b></a></li> <li><a href="https://nodejs.org/docs/latest-v11.x/api/https.html">11.x</a></li> <li><a href="https://nodejs.org/docs/latest-v10.x/api/https.html">10.x <b>LTS</b></a></li> <li><a href="https://nodejs.org/docs/latest-v9.x/api/https.html">9.x</a></li> <li><a href="https://nodejs.org/docs/latest-v8.x/api/https.html">8.x</a></li> <li><a href="https://nodejs.org/docs/latest-v7.x/api/https.html">7.x</a></li> <li><a href="https://nodejs.org/docs/latest-v6.x/api/https.html">6.x</a></li> <li><a href="https://nodejs.org/docs/latest-v5.x/api/https.html">5.x</a></li> <li><a href="https://nodejs.org/docs/latest-v4.x/api/https.html">4.x</a></li> <li><a href="https://nodejs.org/docs/latest-v0.12.x/api/https.html">0.12.x</a></li> <li><a href="https://nodejs.org/docs/latest-v0.10.x/api/https.html">0.10.x</a></li></ol> </li> <li class="edit_on_github"><a href="https://github.com/nodejs/node/edit/master/doc/api/https.md"><span class="github_icon"><svg height="16" width="16" viewBox="0 0 16.1 16.1" fill="currentColor"><path d="M8 0a8 8 0 0 0-2.5 15.6c.4 0 .5-.2.5-.4v-1.5c-2 .4-2.5-.5-2.7-1 0-.1-.5-.9-.8-1-.3-.2-.7-.6 0-.6.6 0 1 .6 1.2.8.7 1.2 1.9 1 2.4.7 0-.5.2-.9.5-1-1.8-.3-3.7-1-3.7-4 0-.9.3-1.6.8-2.2 0-.2-.3-1 .1-2 0 0 .7-.3 
2.2.7a7.4 7.4 0 0 1 4 0c1.5-1 2.2-.8 2.2-.8.5 1.1.2 2 .1 2.1.5.6.8 1.3.8 2.2 0 3-1.9 3.7-3.6 4 .3.2.5.7.5 1.4v2.2c0 .2.1.5.5.4A8 8 0 0 0 16 8a8 8 0 0 0-8-8z"/></svg></span>Edit on GitHub</a></li> </ul> </div> <hr> </header> <div id="toc"> <h2>Table of Contents</h2> <ul> <li> <p><span class="stability_2"><a href="#https_https">HTTPS</a></span></p> <ul> <li><a href="#https_class_https_agent">Class: https.Agent</a></li> <li> <p><a href="#https_class_https_server">Class: https.Server</a></p> <ul> <li><a href="#https_server_close_callback">server.close([callback])</a></li> <li><a href="#https_server_listen">server.listen()</a></li> <li><a href="#https_server_maxheaderscount">server.maxHeadersCount</a></li> <li><a href="#https_server_headerstimeout">server.headersTimeout</a></li> <li><a href="#https_server_settimeout_msecs_callback">server.setTimeout([msecs][, callback])</a></li> <li><a href="#https_server_timeout">server.timeout</a></li> <li><a href="#https_server_keepalivetimeout">server.keepAliveTimeout</a></li> </ul> </li> <li><a href="#https_https_createserver_options_requestlistener">https.createServer([options][, requestListener])</a></li> <li><a href="#https_https_get_options_callback">https.get(options[, callback])</a></li> <li><a href="#https_https_get_url_options_callback">https.get(url[, options][, callback])</a></li> <li><a href="#https_https_globalagent">https.globalAgent</a></li> <li><a href="#https_https_request_options_callback">https.request(options[, callback])</a></li> <li><a href="#https_https_request_url_options_callback">https.request(url[, options][, callback])</a></li> </ul> </li> </ul> </div> <div id="apicontent"> <h1>HTTPS<span><a class="mark" href="#https_https" id="https_https">#</a></span></h1> <p></p><div class="api_stability api_stability_2"><a href="documentation.html#documentation_stability_index">Stability: 2</a> - Stable</div><p></p> <p>HTTPS is the HTTP protocol over TLS/SSL. 
In Node.js this is implemented as a separate module.</p> <h2>Class: https.Agent<a class="srclink" href="https://github.com/nodejs/node/blob/5182a7ece0b71feeb9157f7aa348a15d53e32058/lib/https.js#L137">[src]</a><span><a class="mark" href="#https_class_https_agent" id="https_class_https_agent">#</a></span></h2> <div class="api_metadata"> <span>Added in: v0.4.5</span> </div> <p>An <a href="#https_class_https_agent"><code>Agent</code></a> object for HTTPS, similar to <a href="http.html#http_class_http_agent"><code>http.Agent</code></a>. See <a href="#https_https_request_options_callback"><code>https.request()</code></a> for more information.</p> <h2>Class: https.Server<a class="srclink" href="https://github.com/nodejs/node/blob/5182a7ece0b71feeb9157f7aa348a15d53e32058/lib/https.js#L43">[src]</a><span><a class="mark" href="#https_class_https_server" id="https_class_https_server">#</a></span></h2> <div class="api_metadata"> <span>Added in: v0.3.4</span> </div> <p>This class is a subclass of <code>tls.Server</code> and emits the same events as <a href="http.html#http_class_http_server"><code>http.Server</code></a>.
See <a href="http.html#http_class_http_server"><code>http.Server</code></a> for more information.</p> <h3>server.close([callback])<a class="srclink" href="https://github.com/nodejs/node/blob/5182a7ece0b71feeb9157f7aa348a15d53e32058/lib/net.js#L1562">[src]</a><span><a class="mark" href="#https_server_close_callback" id="https_server_close_callback">#</a></span></h3> <div class="api_metadata"> <span>Added in: v0.1.90</span> </div> <ul> <li><code>callback</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function" class="type"><Function></a></li> <li>Returns: <a href="https.html#https_class_https_server" class="type"><https.Server></a></li> </ul> <p>See <a href="http.html#http_server_close_callback"><code>server.close()</code></a> from the HTTP module for details.</p> <h3>server.listen()<a class="srclink" href="https://github.com/nodejs/node/blob/5182a7ece0b71feeb9157f7aa348a15d53e32058/lib/net.js#L1360">[src]</a><span><a class="mark" href="#https_server_listen" id="https_server_listen">#</a></span></h3> <p>Starts the HTTPS server listening for encrypted connections. 
This method is identical to <a href="net.html#net_server_listen"><code>server.listen()</code></a> from <a href="net.html#net_class_net_server"><code>net.Server</code></a>.</p> <h3>server.maxHeadersCount<span><a class="mark" href="#https_server_maxheaderscount" id="https_server_maxheaderscount">#</a></span></h3> <ul> <li><a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> <strong>Default:</strong> <code>2000</code></li> </ul> <p>See <a href="http.html#http_server_maxheaderscount"><code>http.Server#maxHeadersCount</code></a>.</p> <h3>server.headersTimeout<span><a class="mark" href="#https_server_headerstimeout" id="https_server_headerstimeout">#</a></span></h3> <ul> <li><a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> <strong>Default:</strong> <code>40000</code></li> </ul> <p>See <a href="http.html#http_server_headerstimeout"><code>http.Server#headersTimeout</code></a>.</p> <h3>server.setTimeout([msecs][, callback])<a class="srclink" href="https://github.com/nodejs/node/blob/5182a7ece0b71feeb9157f7aa348a15d53e32058/lib/_http_server.js#L323">[src]</a><span><a class="mark" href="#https_server_settimeout_msecs_callback" id="https_server_settimeout_msecs_callback">#</a></span></h3> <div class="api_metadata"> <span>Added in: v0.11.2</span> </div> <ul> <li><code>msecs</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type"><number></a> <strong>Default:</strong> <code>120000</code> (2 minutes)</li> <li><code>callback</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function" class="type"><Function></a></li> <li>Returns: <a href="https.html#https_class_https_server" class="type"><https.Server></a></li> </ul> <p>See <a href="http.html#http_server_settimeout_msecs_callback"><code>http.Server#setTimeout()</code></a>.</p> 
<h3>server.timeout<span><a class="mark" href="#https_server_timeout" id="https_server_timeout">#</a></span></h3> <div class="api_metadata"> <span>Added in: v0.11.2</span> </div> <ul> <li><a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type">&lt;number&gt;</a> <strong>Default:</strong> <code>120000</code> (2 minutes)</li> </ul> <p>See <a href="http.html#http_server_timeout"><code>http.Server#timeout</code></a>.</p> <h3>server.keepAliveTimeout<span><a class="mark" href="#https_server_keepalivetimeout" id="https_server_keepalivetimeout">#</a></span></h3> <div class="api_metadata"> <span>Added in: v8.0.0</span> </div> <ul> <li><a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type" class="type">&lt;number&gt;</a> <strong>Default:</strong> <code>5000</code> (5 seconds)</li> </ul> <p>See <a href="http.html#http_server_keepalivetimeout"><code>http.Server#keepAliveTimeout</code></a>.</p> <h2>https.createServer([options][, requestListener])<a class="srclink" href="https://github.com/nodejs/node/blob/5182a7ece0b71feeb9157f7aa348a15d53e32058/lib/https.js#L84">[src]</a><span><a class="mark" href="#https_https_createserver_options_requestlistener" id="https_https_createserver_options_requestlistener">#</a></span></h2> <div class="api_metadata"> <span>Added in: v0.3.4</span> </div> <ul> <li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type">&lt;Object&gt;</a> Accepts <code>options</code> from <a href="tls.html#tls_tls_createserver_options_secureconnectionlistener"><code>tls.createServer()</code></a>, <a href="tls.html#tls_tls_createsecurecontext_options"><code>tls.createSecureContext()</code></a> and <a href="http.html#http_http_createserver_options_requestlistener"><code>http.createServer()</code></a>.</li> <li><code>requestListener</code> <a
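href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function" class="type">&lt;Function&gt;</a> A listener to be added to the <code>'request'</code> event.</li>
<li>Returns: <a href="https.html#https_class_https_server" class="type">&lt;https.Server&gt;</a></li>
</ul>
<pre><code class="language-js">// curl -k https://localhost:8000/
// (-k makes curl skip certificate verification, which a test-fixture
// certificate is expected to fail; drop it once the server presents a
// certificate the client trusts.)
const https = require('https');
const fs = require('fs');

const options = {
  key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
  cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};

https.createServer(options, (req, res) => {
  res.writeHead(200);
  res.end('hello world\n');
}).listen(8000);
</code></pre>
<p>Or</p>
<pre><code class="language-js">const https = require('https');
const fs = require('fs');

const options = {
  pfx: fs.readFileSync('test/fixtures/test_cert.pfx'),
  // Fixture passphrase. Outside of tests, read it from the environment or a
  // secret store instead of hard-coding it next to the key material.
  passphrase: 'sample'
};

https.createServer(options, (req, res) => {
  res.writeHead(200);
  res.end('hello world\n');
}).listen(8000);
</code></pre>
<h2>https.get(options[, callback])<a class="srclink" href="https://github.com/nodejs/node/blob/5182a7ece0b71feeb9157f7aa348a15d53e32058/lib/https.js#L292">[src]</a><span><a class="mark" href="#https_https_get_options_callback" id="https_https_get_options_callback">#</a></span></h2>
<h2>https.get(url[, options][, callback])<a class="srclink" href="https://github.com/nodejs/node/blob/5182a7ece0b71feeb9157f7aa348a15d53e32058/lib/https.js#L292">[src]</a><span><a class="mark" href="#https_https_get_url_options_callback" id="https_https_get_url_options_callback">#</a></span></h2>
<div class="api_metadata">
<details class="changelog"><summary>History</summary>
<table>
<tbody><tr><th>Version</th><th>Changes</th></tr>
<tr><td>v10.9.0</td>
<td><p>The <code>url</code> parameter can now be passed along with a separate <code>options</code> object.</p></td></tr>
<tr><td>v7.5.0</td>
<td><p>The <code>options</code> parameter can be a WHATWG <code>URL</code> object.</p></td></tr>
<tr><td>v0.3.6</td>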
<td><p><span>Added in: v0.3.6</span></p></td></tr> </tbody></table> </details> </div> <ul> <li><code>url</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="url.html#url_the_whatwg_url_api" class="type"><URL></a></li> <li><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="url.html#url_the_whatwg_url_api" class="type"><URL></a> Accepts the same <code>options</code> as <a href="#https_https_request_options_callback"><code>https.request()</code></a>, with the <code>method</code> always set to <code>GET</code>.</li> <li><code>callback</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function" class="type"><Function></a></li> </ul> <p>Like <a href="http.html#http_http_get_options_callback"><code>http.get()</code></a> but for HTTPS.</p> <p><code>options</code> can be an object, a string, or a <a href="url.html#url_the_whatwg_url_api"><code>URL</code></a> object. If <code>options</code> is a string, it is automatically parsed with <a href="url.html#url_url_parse_urlstring_parsequerystring_slashesdenotehost"><code>url.parse()</code></a>. 
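If it is a <a href="url.html#url_the_whatwg_url_api"><code>URL</code></a> object, it will be automatically converted to an ordinary <code>options</code> object.</p>
<pre><code class="language-js">const https = require('https');

https.get('https://encrypted.google.com/', (res) => {
  console.log('statusCode:', res.statusCode);
  console.log('headers:', res.headers);

  res.on('data', (d) => {
    process.stdout.write(d);
  });

}).on('error', (e) => {
  // Connection and TLS failures, including a certificate that fails
  // verification, are reported through this event.
  console.error(e);
});
</code></pre>
<h2>https.globalAgent<span><a class="mark" href="#https_https_globalagent" id="https_https_globalagent">#</a></span></h2>
<div class="api_metadata">
<span>Added in: v0.5.9</span>
</div>
<p>Global instance of <a href="#https_class_https_agent"><code>https.Agent</code></a> for all HTTPS client requests.</p>
<h2>https.request(options[, callback])<a class="srclink" href="https://github.com/nodejs/node/blob/5182a7ece0b71feeb9157f7aa348a15d53e32058/lib/https.js#L267">[src]</a><span><a class="mark" href="#https_https_request_options_callback" id="https_https_request_options_callback">#</a></span></h2>
<h2>https.request(url[, options][, callback])<a class="srclink" href="https://github.com/nodejs/node/blob/5182a7ece0b71feeb9157f7aa348a15d53e32058/lib/https.js#L267">[src]</a><span><a class="mark" href="#https_https_request_url_options_callback" id="https_https_request_url_options_callback">#</a></span></h2>
<div class="api_metadata">
<details class="changelog"><summary>History</summary>
<table>
<tbody><tr><th>Version</th><th>Changes</th></tr>
<tr><td>v10.9.0</td>
<td><p>The <code>url</code> parameter can now be passed along with a separate <code>options</code> object.</p></td></tr>
<tr><td>v9.3.0</td>
<td><p>The <code>options</code> parameter can now include <code>clientCertEngine</code>.</p></td></tr>
<tr><td>v7.5.0</td>
<td><p>The <code>options</code> parameter can be a WHATWG <code>URL</code> object.</p></td></tr>
<tr><td>v0.3.6</td>
<td><p><span>Added in: v0.3.6</span></p></td></tr>
</tbody></table>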
</details> </div> <ul> <li><code>url</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="url.html#url_the_whatwg_url_api" class="type"><URL></a></li> <li> <p><code>options</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object" class="type"><Object></a> | <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type" class="type"><string></a> | <a href="url.html#url_the_whatwg_url_api" class="type"><URL></a> Accepts all <code>options</code> from <a href="http.html#http_http_request_options_callback"><code>http.request()</code></a>, with some differences in default values:</p> <ul> <li><code>protocol</code> <strong>Default:</strong> <code>'https:'</code></li> <li><code>port</code> <strong>Default:</strong> <code>443</code></li> <li><code>agent</code> <strong>Default:</strong> <code>https.globalAgent</code></li> </ul> </li> <li><code>callback</code> <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function" class="type"><Function></a></li> </ul> <p>Makes a request to a secure web server.</p> <p>The following additional <code>options</code> from <a href="tls.html#tls_tls_connect_options_callback"><code>tls.connect()</code></a> are also accepted: <code>ca</code>, <code>cert</code>, <code>ciphers</code>, <code>clientCertEngine</code>, <code>crl</code>, <code>dhparam</code>, <code>ecdhCurve</code>, <code>honorCipherOrder</code>, <code>key</code>, <code>passphrase</code>, <code>pfx</code>, <code>rejectUnauthorized</code>, <code>secureOptions</code>, <code>secureProtocol</code>, <code>servername</code>, <code>sessionIdContext</code>.</p> <p><code>options</code> can be an object, a string, or a <a href="url.html#url_the_whatwg_url_api"><code>URL</code></a> object. 
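If <code>options</code> is a string, it is automatically parsed with <a href="url.html#url_url_parse_urlstring_parsequerystring_slashesdenotehost"><code>url.parse()</code></a>. If it is a <a href="url.html#url_the_whatwg_url_api"><code>URL</code></a> object, it will be automatically converted to an ordinary <code>options</code> object.</p>
<pre><code class="language-js">const https = require('https');

const options = {
  hostname: 'encrypted.google.com',
  port: 443,
  path: '/',
  method: 'GET'
};

const req = https.request(options, (res) => {
  console.log('statusCode:', res.statusCode);
  console.log('headers:', res.headers);

  res.on('data', (d) => {
    process.stdout.write(d);
  });
});

req.on('error', (e) => {
  console.error(e);
});
req.end();
</code></pre>
<p>Example using options from <a href="tls.html#tls_tls_connect_options_callback"><code>tls.connect()</code></a>:</p>
<pre><code class="language-js">const options = {
  hostname: 'encrypted.google.com',
  port: 443,
  path: '/',
  method: 'GET',
  // `key` and `cert` are the client's own key pair, presented when the server
  // asks for a client certificate. The paths are test fixtures.
  key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
  cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};
options.agent = new https.Agent(options);

const req = https.request(options, (res) => {
  // ...
});
</code></pre>
<p>Alternatively, opt out of connection pooling by not using an <a href="#https_class_https_agent"><code>Agent</code></a>.</p>
<pre><code class="language-js">const options = {
  hostname: 'encrypted.google.com',
  port: 443,
  path: '/',
  method: 'GET',
  key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
  cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem'),
  agent: false
};

const req = https.request(options, (res) => {
  // ...
});
</code></pre>
<p>Example using a <a href="url.html#url_the_whatwg_url_api"><code>URL</code></a> as <code>options</code>:</p>
<pre><code class="language-js">// The user-info part of the URL (abc:xyz) is carried over as the `auth`
// option, i.e. it is sent as HTTP Basic credentials. Keep real credentials
// out of URL literals, which tend to surface in logs and error messages.
const options = new URL('https://abc:xyz@example.com');

const req = https.request(options, (res) => {
  // ...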
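});
</code></pre>
<p>Example pinning on certificate fingerprint, or the public key (similar to <code>pin-sha256</code>):</p>
<pre><code class="language-js">const tls = require('tls');
const https = require('https');
const crypto = require('crypto');

// Base64-encoded SHA-256 digest, the same encoding a pin-sha256 value uses.
function sha256(s) {
  return crypto.createHash('sha256').update(s).digest('base64');
}
const options = {
  hostname: 'github.com',
  port: 443,
  path: '/',
  method: 'GET',
  // The Error returned from this callback aborts the connection only while
  // `rejectUnauthorized` keeps its default value of `true`.
  checkServerIdentity: function(host, cert) {
    // Make sure the certificate is issued to the host we are connected to
    const err = tls.checkServerIdentity(host, cert);
    if (err) {
      return err;
    }

    // The two pins below are the sample values shown in the output that
    // follows. Both checks must pass in this example; keep only the check
    // that matches the pinning policy in use. A pin stops matching once the
    // server rotates the pinned key or certificate, so plan for a backup pin.

    // Pin the public key, similar to HPKP pin-sha256 pinning
    const pubkey256 = 'pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=';
    if (sha256(cert.pubkey) !== pubkey256) {
      const msg = 'Certificate verification error: ' +
        `The public key of '${cert.subject.CN}' ` +
        'does not match our pinned fingerprint';
      return new Error(msg);
    }

    // Pin the exact certificate, rather than the pub key
    const cert256 = '25:FE:39:32:D9:63:8C:8A:FC:A1:9A:29:87:' +
      'D8:3E:4C:1D:98:DB:71:E4:1A:48:03:98:EA:22:6A:BD:8B:93:16';
    if (cert.fingerprint256 !== cert256) {
      const msg = 'Certificate verification error: ' +
        `The certificate of '${cert.subject.CN}' ` +
        'does not match our pinned fingerprint';
      return new Error(msg);
    }

    // This loop is informational only.
    // Print the certificate and public key fingerprints of all certs in the
    // chain. It's common to pin the public key of the issuer on the public
    // internet, while pinning the public key of the service in sensitive
    // environments.
    // `current` and `lastprint256` are declared locally so the walk does not
    // create implicit globals; the walk also stops if a certificate carries
    // no issuer object instead of throwing inside the identity check.
    let current = cert;
    let lastprint256;
    do {
      console.log('Subject Common Name:', current.subject.CN);
      console.log(' Certificate SHA256 fingerprint:', current.fingerprint256);

      console.log(' Public key pin-sha256:', sha256(current.pubkey));

      lastprint256 = current.fingerprint256;
      current = current.issuerCertificate;
    } while (current && current.fingerprint256 !== lastprint256);

  },
};

options.agent = new https.Agent(options);
const req = https.request(options, (res) => {
  console.log('All OK. Server matched our pinned cert or public key');
  console.log('statusCode:', res.statusCode);
  // Print the HPKP values. The Public-Key-Pins header is deprecated in
  // browsers; when the server does not send it this prints `undefined`.
  console.log('headers:', res.headers['public-key-pins']);

  res.on('data', (d) => {});
});

req.on('error', (e) => {
  console.error(e.message);
});
req.end();
</code></pre>
<p>Outputs for example:</p>
<pre><code class="language-text">Subject Common Name: github.com
 Certificate SHA256 fingerprint: 25:FE:39:32:D9:63:8C:8A:FC:A1:9A:29:87:D8:3E:4C:1D:98:DB:71:E4:1A:48:03:98:EA:22:6A:BD:8B:93:16
 Public key pin-sha256: pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=
Subject Common Name: DigiCert SHA2 Extended Validation Server CA
 Certificate SHA256 fingerprint: 40:3E:06:2A:26:53:05:91:13:28:5B:AF:80:A0:D4:AE:42:2C:84:8C:9F:78:FA:D0:1F:C9:4B:C5:B8:7F:EF:1A
 Public key pin-sha256: RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=
Subject Common Name: DigiCert High Assurance EV Root CA
 Certificate SHA256 fingerprint: 74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF
 Public key pin-sha256: WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=
All OK. Server matched our pinned cert or public key
statusCode: 200
headers: max-age=0; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho="; pin-sha256="k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0="; pin-sha256="LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A="; includeSubDomains
</code></pre>
</div>
</div>
</div>
<script src="assets/sh_main.js"></script>
<script src="assets/sh_javascript.min.js"></script>
<script>highlight(undefined, undefined, 'pre');</script>
</body>
</html>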