Node-RED HTTPS Request with Peer Certificate Output

2.0.0 verified Sat Apr 25 auth: no javascript

This Node-RED contribution provides an enhanced HTTP Request node specifically designed for making HTTPS requests. It extends the core Node-RED HTTP Request node by adding the `msg.peerCertificate` property to the output message, allowing flow developers to inspect the server's TLS/SSL certificate after a successful connection. This is crucial for applications requiring advanced certificate validation or logging. The package is currently at version 2.0.0, indicating a stable release with potential breaking changes from previous major versions. Node-RED contrib packages typically follow an as-needed release cadence, driven by user feedback and Node-RED core updates. Its key differentiator is the direct exposure of the `peerCertificate` object, which is not available in the standard Node-RED HTTP Request node, making it indispensable for secure or compliance-driven integrations.

Common errors

error Error: unable to verify the first certificate ↓

cause The server's certificate chain could not be validated against the known trusted root certificates on the Node.js system. Often happens with self-signed certificates or corporate proxies.

fix

In the node's TLS configuration, provide the correct CA certificate, or for development purposes, check 'Allow insecure TLS (self-signed, etc.)' (sets rejectUnauthorized: false) with caution.

error Node-RED: [error] [https request:myNode] TypeError: Cannot read properties of undefined (reading 'commonName') ↓

cause Attempting to access a property of `msg.peerCertificate` (like `commonName`) when `msg.peerCertificate` itself is `undefined` because the HTTPS connection failed or no certificate was presented.

fix

Before accessing msg.peerCertificate properties, always include a check: if (msg.peerCertificate && msg.peerCertificate.commonName) { ... } in your function nodes.

error Error: getaddrinfo ENOTFOUND example.com ↓

cause The hostname specified in the URL could not be resolved to an IP address, indicating a DNS issue or incorrect hostname.

fix

Verify the URL and hostname are correctly spelled and accessible from the Node-RED instance's network. Check DNS settings if needed.

Warnings

breaking Upgrading to version 2.0.0 might introduce configuration changes or subtle behavior differences compared to 1.x versions. Always test flows in a non-production environment after upgrading. ↓

fix Review the node's configuration options and ensure backward compatibility for `msg.peerCertificate` structure, especially if parsing specific certificate fields.

gotcha Incorrectly configured TLS options (e.g., self-signed certificates, invalid CAs, or `rejectUnauthorized` set to `true` without proper CA trust) will lead to connection errors, preventing any `peerCertificate` output. ↓

fix Ensure that your Node.js environment trusts the certificate authority for the target server. For self-signed certificates in development, consider setting `rejectUnauthorized` to `false` (with caution) or providing a custom CA certificate.

gotcha The `peerCertificate` property is only present on the `msg` object if the HTTPS connection is successfully established. If the connection fails due to network issues, certificate validation, or other errors, `msg.peerCertificate` will be undefined. ↓

fix Always check for the existence of `msg.peerCertificate` before attempting to access its properties (e.g., `if (msg.peerCertificate) { ... }`) and handle error paths in your flow.

Install

npm install node-red-contrib-https

yarn add node-red-contrib-https

pnpm add node-red-contrib-https

Imports

node-red-contrib-https
wrong
```
import { httpsRequest } from 'node-red-contrib-https'
```
correct
```
npm install node-red-contrib-https
```
Node-RED nodes are installed via npm into the Node-RED environment, not imported into user JavaScript code. The node then appears in the Node-RED editor palette.
HTTPS Request Node (from palette)
```
Drag 'HTTPS Request' from the Network section of the Node-RED palette into your flow.
```
After installation, the node becomes available in the Node-RED editor's sidebar palette. Its visual representation is typically similar to the standard HTTP Request node.
msg.peerCertificate
wrong
```
msg.payload.peerCertificate
```
correct
```
msg.peerCertificate
```
The `peerCertificate` object is directly added to the root of the `msg` object by this node, not nested within `msg.payload`.

Quickstart

This Node-RED flow demonstrates how to use the 'HTTPS Request' node to fetch data from `example.com` and then display the `peerCertificate` object in the debug sidebar.

[{"id":"b9e4a3c1.9c6f98","type":"tab","label":"HTTPS Request with Peer Certificate","disabled":false,"info":""},{"id":"e3f0d2b7.4a1e5c","type":"https request","z":"b9e4a3c1.9c6f98","name":"Fetch example.com cert","method":"GET","ret":"obj","paytoqs":"qs","url":"https://example.com/","tls":"","persist":false,"proxy":"","authType":"","senderr":false,"x":390,"y":100,"wires":[["c1d0a2f5.e3b4d6"]]},{"id":"c1d0a2f5.e3b4d6","type":"debug","z":"b9e4a3c1.9c6f98","name":"Show Peer Certificate","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"peerCertificate","targetType":"msg","statusVal":"","statusType":"auto","x":620,"y":100,"wires":[]},{"id":"a7b8c9d0.e1f2a3","type":"inject","z":"b9e4a3c1.9c6f98","name":"Trigger Request","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":170,"y":100,"wires":[["e3f0d2b7.4a1e5c"]]} ]