Update README.md (request#2644)

Added a paragraph of text to the TLS section, on the use of the `ca` option, explicitly detailing how to get SSL certificates that consist of more than one issuer to successfully verify. It was not made clear that `ca` can be an array, and that in fact this is necessary (AFAICT) when you want to accept a certificate that has been signed by multiple issuers, common in internal environments.
amitkanfer · Nov 23, 2018 · e476ce5 · e476ce5
1 parent 418623c
commit e476ce5
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -675,6 +675,25 @@ request.get({
 });
 ```
 
+The `ca` value can be an array of certificates, in the event you have a private or internal corporate public-key infrastructure hierarchy. For example, if you want to connect to https://api.some-server.com which presents a key chain consisting of:
+1. its own public key, which is signed by:
+2. an intermediate "Corp Issuing Server", that is in turn signed by: 
+3. a root CA "Corp Root CA";
+
+you can configure your request as follows:
+
+```js
+request.get({
+    url: 'https://api.some-server.com/',
+    agentOptions: {
+        ca: [
+          fs.readFileSync('Corp Issuing Server.pem'),
+          fs.readFileSync('Corp Root CA.pem')
+        ]
+    }
+});
+```
+
 [back to top](#table-of-contents)