How to get the server's TLS certificate information?

[sal-limones]

https.get(url, { headers, timeout, agent: false }, res => {
  const cert = res.connection.getPeerCertificate()
  const protocol = res.connection.getProtocol()
  const valid = res.socket.authorized
  const error = res.socket.authorizationError
  console.log(cert, protocol, valid, error)
})

Is there a way to get the same data from Got?

[wreiske]

Just noticed this discussion thread after opening an issue here #2096

[sindresorhus]

You can access the TLS certificate through response.socket, but there are some caveats:

import got from 'got';

const response = await got('https://example.com');

// Access certificate info
if (response.socket && response.socket.getPeerCertificate) {
	const cert = response.socket.getPeerCertificate();
	const protocol = response.socket.getProtocol();
	const valid = response.socket.authorized;
	const error = response.socket.authorizationError;
	
	console.log(cert, protocol, valid, error);
}

Important caveats:

1. Connection reuse: With agents using keep-alive, getPeerCertificate() may return an empty object on subsequent requests to the same host. To avoid this, disable the agent:

const response = await got('https://example.com', {
	agent: {
		https: false
	}
});

2. Socket may be closed: The socket might already be closed when you access it.

More reliable approach using checkServerIdentity:

import got from 'got';

let certificate;

const response = await got('https://example.com', {
	https: {
		checkServerIdentity: (hostname, cert) => {
			certificate = cert;
			return undefined; // Accept the certificate
		}
	}
});

console.log(certificate);

This captures the certificate during the TLS handshake, before the connection is established, making it more relible than accessing it after the response.