Validate a URL/Domain using Node.js HTTPS Module

Validate a URL/Domain using Node.js HTTPs Module.

Overview

This post provides guidelines on how to validate a xyz.com domain. By validation, I mean that the domain has a valid certificate signed by Certificate Authority.

Scenarios

The list given below contains scenarios in which you want to validate the domain/URL:

  1. You want to upload data to a server with a URL like this (xyz.com) and you are not sure whether this server is secure or not.
  2. You have developed a B2B service and you want to only serve requests from valid domains.

How to do it?

In node.js there are two ways to do it:

  1. https module
  2. ssl-validate module

Nodejs https module’s request method validates the domain provided against the chain of Certificate Authorities root certificate. A code example is given below:

var https = require('https');

var options = {
hostname: 'github.com/',
port: 443,
path: '/',
method: 'GET',
rejectUnauthorized: true
};


var req = https.request(options, function(res) {
console.log("statusCode: ", res.statusCode);
console.log("headers: ", res.headers);

});
req.end();

req.on('error', function(e) {
console.error(e);
});

Keypoints

rejectUnauthorized: This means that it will validate the server/domain certificate against the chain of CA's root certificate.The only problem with this approach is that this chain should be updated regularly otherwise a new domain that is signed by a certificate authority root certificate which is not part of the chain, marked as an invalid certificate(a common example is a self-signed certificate).

It can also be used but it requires another module to get the domain information.

DevSecOps Engineer https://irtizaali.com/