1# Client certificate
2
Client certificate authentication can be configured with the `Client`; the required TLS options are passed along through the `connect` option.
4
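The client certificates must be signed by a trusted CA. The Node.js default is to trust the well-known CAs curated by Mozilla. Passing the `ca` option, as the example below does, replaces that default list, so only certificates that chain to the listed CA are treated as valid.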
6
7Setting the server option `requestCert: true` tells the server to request the client certificate.
8
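The server option `rejectUnauthorized: false` lets the TLS handshake complete even when the client certificate is missing or invalid, so that certificate errors can be handled in application code. The `authorized` property on the socket of the incoming request will show if the client certificate was valid. The `authorizationError` property will give the reason if the certificate was not valid. With this setting the server no longer rejects anything on its own: the request handler must check `authorized` and refuse the request when it is not `true`.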
10
11### Client Certificate Authentication
12
13```js
14const { readFileSync } = require('fs')
15const { join } = require('path')
16const { createServer } = require('https')
17const { Client } = require('undici')
18
// PEM material is loaded up front so the options object below stays declarative.
const clientCaPem = readFileSync(join(__dirname, 'client-ca-crt.pem'), 'utf8')
const serverKeyPem = readFileSync(join(__dirname, 'server-key.pem'), 'utf8')
const serverCertPem = readFileSync(join(__dirname, 'server-crt.pem'), 'utf8')

// TLS settings for the HTTPS server.
const serverOptions = {
  // CA bundle that client certificates are verified against.
  ca: [clientCaPem],
  key: serverKeyPem,
  cert: serverCertPem,
  // Ask every connecting client for a certificate during the handshake.
  requestCert: true,
  // The handshake is NOT aborted for a missing or invalid client certificate;
  // the request handler has to check `authorized` itself.
  rejectUnauthorized: false
}
28
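// HTTPS server that only answers requests made with a verified client certificate.
const server = createServer(serverOptions, (req, res) => {
  // With `rejectUnauthorized: false` the handshake succeeds even for a missing
  // or invalid client certificate, so this handler is the only place where an
  // unauthenticated request can be refused.
  if (req.socket.authorized !== true) {
    // `authorizationError` carries the reason the certificate was not accepted.
    console.error(req.socket.authorizationError)
    res.statusCode = 403
    res.end()
    return
  }

  console.log('valid')
  res.end()
})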
38
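// Once the server is listening on an ephemeral port, make one request with the
// client certificate and shut everything down afterwards.
server.listen(0, function () {
  // TLS options handed to undici through `connect`.
  const tls = {
    // CA bundle that the server certificate is verified against.
    ca: [
      readFileSync(join(__dirname, 'server-ca-crt.pem'), 'utf8')
    ],
    // Key pair presented when the server requests a client certificate.
    key: readFileSync(join(__dirname, 'client-key.pem'), 'utf8'),
    cert: readFileSync(join(__dirname, 'client-crt.pem'), 'utf8'),
    // `rejectUnauthorized` is left at its default (true): with `false` the
    // client would accept any server certificate and `ca` / `servername`
    // would authenticate nothing.
    // NOTE(review): assumes server-crt.pem chains to server-ca-crt.pem and is
    // issued for 'agent1' — confirm for your certificates.
    servername: 'agent1'
  }
  const client = new Client(`https://localhost:${server.address().port}`, {
    connect: tls
  })

  const shutdown = () => {
    client.close()
    server.close()
  }

  client.request({
    path: '/',
    method: 'GET'
  }, (err, data) => {
    // On failure (for example a rejected handshake) there is no response
    // object, so it must not be destructured in the parameter list.
    if (err) {
      console.error(err)
      shutdown()
      return
    }

    data.body.on('end', shutdown)
    // Drain the body so that 'end' fires.
    data.body.resume()
  })
})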
64```
65