You need to add a ca: cafile.pem
line to your options. See http://nodejs.org/api/https.html#https_https_request_options_callback for more details.
The relevant portion:
The following options from tls.connect() can also be specified. However, a globalAgent silently ignores these.
pfx: Certificate, Private key and CA certificates to use for SSL. Default null.
key: Private key to use for SSL. Default null.
passphrase: A string of passphrase for the private key or pfx. Default null.
cert: Public x509 certificate to use. Default null.
ca: An authority certificate or array of authority certificates to check the remote host against.
During application startup, read in the CA's certificate file with something like var casigningcert = fs.readFileSync('keys/ca-certsigning-cert.pem')
and then consume it later in your options, which should then look something like:
var options = {
hostname: 'encrypted.mydomain.local',
port: 443,
path: '/',
method: 'GET',
ca: casigningcert
};