Skip to content

--use-system-ca support for intermediate certificates on Windows #57163

New issue
New issue
Closed
#57164
Closed
--use-system-ca support for intermediate certificates on Windows#57163
#57164
Labels
feature requestIssues that request new features to be added to Node.js.
@timja

Description

@timja
timja
opened on Feb 21, 2025

What is the problem this feature will solve?

Third-party SaaS TLS proxies (e.g. ZScaler) will often be provided with an Intermediate CA certificate and not the organisation root CA certificate.

macOS supports Intermediate CA certificates and we should bring this to Windows as well.

See #56833 (comment)

What is the feature you are proposing to solve the problem?

I'm researching and looking for other implementations, so far I've verified locally that when I add:

  • Root CA certificate to Trusted Root Certification Authorities
  • Intermediate CA certificate to Intermediate Certification Authorities
    In the Certificates - Current Use store.

See Chromium source code: https://github.com/chromium/chromium/blob/98f89988c9774d0e138a0724aa64c46187203a77/net/cert/internal/trust_store_win.cc#L220-L222

Chrome works and I can access https://localhost:8443 from my test repository that was used for the macOS implementation: https://github.com/timja/openjdk-intermediate-ca-reproducer

What alternatives have you considered?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    feature requestIssues that request new features to be added to Node.js.

    Type

    No type

    Projects

    Node.js feature requests

    Status

    Awaiting Triage

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions