Can I see the TLS cert of a remote website in a worker

I’m playing with workers to test connectivity to things. Using the fetch command I can get HTML (or JSON etc.) from a remote website. E.g. one of the examples has the worker getting

One of the things I want to do is view is the TLS certificate of the remote host in the connection that got that data.

In node.js I can do this by 'require’ing the tls library and then doing some tweaking of callbacks from getting the data, but you can’t require tls or other node fundamentals in this environment.

With cloudflare workers I need to use the fetch command but the cloudflare response object doesn’t seem to have the hooks to view the TLS certificate. In the object this stuff is present but that’s for the request to the worker as I understand it.

Am I missing/misunderstanding something in the documentation? or is this not possible?

Thanks in advance


Dont take my response as a definitive answer, as my experience with Fetch is somewhat shaky, but from everything a quick search revealed it really would seem as if there is no dedicated access to that information. You seem to be able to include a client certificate as part of the request (“credential” in Fetch’es lingo) but not access the server certificate.

Only possibility I could imagine right now is that it is injected as meta data into the headers object. Have you checked there? But thats mere guessing.

Again, no definitive answer :smile:

Thanks for trying to help

Looking at the definitions in the URL you posted headers is just the HTTP headers. I’m going to try and enumerate them on a real fetch to confirm

Edit did so.

Example result has no TLS stuff
cf-ray: 4e20708fcbffc538-ORD
content-length: 342content-type: text/html;
date: Wed, 05 Jun 2019 07:30:10 GMT
expect-ct: max-age=604800, report-uri=“
server: cloudflare
set-cookie: __cfduid=dfd9aa7666c9db243e606de662ee9acbd1559719810; expires=Thu, 04-Jun-20 07:30:10 GMT; path=/;; HttpOnly

That was my assumption. In that case it really looks like it is not possible to access the server certificate in this context.

Maybe check out the environment settings object as well