Configuring TLS CA Certificate for External API

Hi,

I need to use a Mutually Authenticated TLS (mTLS) connection from a Freshdesk serverless application to an external API.

If the external API was to use a TLS certificate signed by a self-signed Certificate Authority (CA) (i.e. not signed by one of the globally trusted CAs built into Node.js), what is the best way to provide the Freshdesk serverless application with the certificate for the external API? I’ve assumed that I will need to provide the CA certificate(s) via an Installation Parameter (iparam).

I’ve assumed (as used in the Freshdesk developer documentation) that the [require(‘request’]) module is the preferred way to go, so I have used in the following example. Please correct me if there is a preferred alternative to [require(‘request’)].

Is the only option to include the following in the options supplied (for example) to the post method of the request object? Note in the below that it’s the tlsCaCerts variable that is supplying the CA certificate(s) and as mentioned above I’ve assumed that I will have to source the value for tlsCaCerts variable from an Installation Parameter (iparam).

var options = {
  …
  cert: tlsCert,
  key: tlsKey,
  ca: tlsCaCerts,
  method: 'POST',
  …
}

request.post(options, (err, res, body) => {
})

Is there any way to set NODE_EXTRA_CA_CERTS for the Freshdesk serverless application?

Paul

1 Like

Hi Paul,

This is a novel application being built on the platform. Thank you for building this.

I believe you need to pack the certificates along with the serverless application.

We have inbuilt request module. You can try passing same options to this module. With the inbuilt module, iparams values can also be substituted.

We don’t have a way of setting NODE_EXTRA_CA_CERTS.

Hi,
If you want traffic coming from a specific IP, we support calling external API from a static IP ( Request Method ). In this way, the external API can just whitelist this IP.

2 Likes