Ok. I figured it out.
There are a few things wrong with the instructions from everyone that I have seen give out Node examples for public CA-signed certs.
Again, this is for NetworkSolutions as a CA provider. This is as a server CA and NOT a client CA. There is no dual-CA authentication, only the single side from the server.
The notes for adding the CA public certs are confusing, because the CA is not the CA attribute in the options. It is the cert attribute.
The symptoms are that, no matter what you do, the same error appears, and you can authenticate it if you use your creds as part of the call:
Code:
openssl s_client -CAfile 4_CRTs_Sample_DVServ_DVUser_AddT.crt -connect sample.whataremindsfor.com:56900
Step 1: If you have several crts, cat them all together, using your fully qualified domain first.
Code:
cat SAMPLE.WHATAREMINDSFOR.COM.crt DV_NetworkSolutionsDVServerCA2.crt DV_USERTrustRSACertificationAuthority.crt AddTrustExternalCARoot.crt > 4_CRTs_Sample_DVServ_DVUser_AddT.crt
Step 2: Ensure that, after you cat the files together, the beginning and end tags are on different lines.
NO:
Code:
-----BEGIN CERTIFICATE----------END CERTIFICATE-----
YES:
Code:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Step 3: Don't use the 'ca' attribute for server side CA. Only use the 'cert' attribute.
Code:
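var secure_fs = require('fs'); // Node's built-in file system module
var secure_options = {
  // private key that matches the server certificate
  key: secure_fs.readFileSync('PATH/sample.whataremindsfor.com.key', 'utf8'),
  // server certificate followed by the CA certificates, as concatenated in Step 1
  cert: secure_fs.readFileSync('PATH/4_CRTs_Sample_DVServ_DVUser_AddT.crt', 'utf8'),
};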
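
Added example (not part of the original post): one way to do Steps 1 and 2 in Node itself, so that a file without a trailing newline cannot glue an END marker to the next BEGIN marker. The names splitPemBundle, buildChainBundle and fakePem are hypothetical, and the sample certificates are constructed placeholders, not real certificates.

```javascript
// Added example: join PEM certificates (server certificate first) into a
// bundle for the `cert` option, with every BEGIN/END marker on its own line.
const MARKER = '-----(?:BEGIN|END) CERTIFICATE-----';
const FUSED = new RegExp(`(${MARKER})(?=${MARKER})`, 'g');
const BLOCK = /-----BEGIN CERTIFICATE-----\n([A-Za-z0-9+/=\n]+?)\n-----END CERTIFICATE-----/g;

// Repair a bundle where `cat` glued two markers together because a file
// had no trailing newline, then return the individual certificate blocks.
function splitPemBundle(text) {
  const repaired = text.replace(/\r\n?/g, '\n').replace(FUSED, '$1\n');
  const blocks = repaired.match(BLOCK) || [];
  const begins = (repaired.match(/-----BEGIN CERTIFICATE-----/g) || []).length;
  if (blocks.length !== begins) {
    throw new Error(`found ${begins} BEGIN markers but ${blocks.length} well-formed blocks`);
  }
  return blocks;
}

// Concatenate file contents in the order given (server certificate, then
// intermediates, then root), one newline-terminated block after another.
function buildChainBundle(pemFiles) {
  const blocks = pemFiles.flatMap((pem) => splitPemBundle(pem));
  if (blocks.length === 0) throw new Error('no certificates found');
  return blocks.join('\n') + '\n';
}

// Constructed sample input: placeholder base64 bodies, not real certificates.
const fakePem = (body) => `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----`;
const SAMPLE_FILES = [
  fakePem('TEVBRg=='),         // stands in for the server cert, no trailing newline
  fakePem('SU5URVIx') + '\n',  // intermediate
  fakePem('SU5URVIy'),         // intermediate, no trailing newline
  fakePem('Uk9PVA==') + '\n',  // root
];

const naiveCat = SAMPLE_FILES.join('');        // what plain `cat` would produce
const bundle = buildChainBundle(SAMPLE_FILES); // repaired text for the `cert` option
console.log(bundle);
```

With real files, each array entry would be the result of readFileSync(path, 'utf8'), listed in the same order as the cat command in Step 1.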