Home Original page

Support for multiple PFX in tls.createSecureContext

Feature request

As per as tls.createSecureContext accepts multiple key/cert-chain options, I think there is a good approach to get also multiple PFX support. E.g. one for RSA and another one for ECDSA.

Workarounds

  1. Use key/cert arrays:
const config = {
  key: [ keys.dsa.key, keys.rsa.key ],
  cert: [
    Buffer.concat([keys.dsa.cert, ...keys.dsa.chain]),
    Buffer.concat([keys.rsa.cert, ...keys.rsa.chain])
  ],
  ...
}

const context = tls.createSecureContext(config)
  1. Manually call context.loadPKCS12 for another chain:
const config = {
  pfx: keys.rsa.pfx,
  ...
}

const context = tls.createSecureContext(config)
context.context.loadPKCS12(keys.dsa.pfx)

New API proposal

const config = {
  pfx: [keys.rsa.pfx, keys.dsa.pfx],
  ...
}

// Or for encrypted PFX, like for keys:
const config = {
  pfx: [
    { buffer: keys.rsa.pfx, passphrase: 'pA$sW0rD' },
    { buffer: keys.dsa.pfx, passphrase: 'h4cKm3iFy0uCaN' }
  ],
  ...
}

const context = tls.createSecureContext(config)