i'm having a problem here, this message is appearing when i test my SSL:
Certificate chain is incomplete.
I already create the http and the https server in my entry point file, and is running in some browsers without problem, but in others appear the message saying the site is not safe because the chain is incomplete.
How can i install properly the SSL to make the chain complete?
This is how i do:
SSL FOLDER
|- credentials.js
|- site.pem
|- site-cert.pem
|- site-ca.pem
In my credentials.js i have:
var fs = require('fs');
var credentials = {
key: fs.readFileSync(__dirname + '/mysite.pem', 'utf8'),
cert: fs.readFileSync(__dirname + '/mysite-cert.pem', 'utf8'),
ca: fs.readFileSync(__dirname + '/mysite-ca.pem', 'utf8'),
passphrase: 'secretphrase'
};
module.exports = credentials;
And in my entry point i have:
var app = require('../app');
var http = require('http');
var https = require('https');
var credentials = require('./ssl/credentials');
http.createServer(app).listen(3000, app.get('ip'), function() {
console.log('Running on port 3000, in ' + app.get('env') + ' mode.');
});
https.createServer(credentials, app).listen(443, app.get('ip'), function() {
console.log('Running on port 443, in ' + app.get('env') + ' mode.');
});
Maybe i forget something?
I'm not getting way the problem with the chain.
You may be required to add intermediate CA certificates that chain up to the root CA cert. See How to setup EV Certificate with nodejs server
Check your domain with an online SSL Test tool to see if all certificates in the chain are being sent by your server.
Related
I am working in MEAN STACK application, I face one issue in a live site.
In my live web site, I have stop Apache server and run nodeJs by using pm2.
Once nodeJs started by pm2, my site running very well, but after every next day, Apache server automatically starts and my nodeJs site stop.
After stopping of Apache server the nodeJS works fine.
app.js
"use strict";
var logger = require("./config/log");
var express = require("express");
var https = require('https');
var http = require("http");
var fs = require('fs');
var app = express();
var exec = require('child_process').exec;
var config, hostName, sslOptions, httpServer, callSocketDir;
/**
* #description all process variables
*/
require("./config/vars")(app, fs);
config = require("./config/config.js")(app, express);
callSocketDir = './socket';
sslOptions = {
key: fs.readFileSync(global.hzConfig.privateKey),
cert: fs.readFileSync(global.hzConfig.certificate),
passphrase: global.hzConfig.passPhrase
};
httpServer = https.createServer(sslOptions, app).listen(global.hzConfig.port,function (req, res) {
logger.log("info", 'my site is listening on ssl port ' + global.hzConfig.port + ", proccess id is " + process.pid + '!');
initEmailServer();
});
require(callSocketDir)(app, httpServer);
Stop apache server
/usr/local/apache/bin/apachectl stop
Start nodejs server
pm2 start httpsServer.js
dependencies
"express" => "version" : "4.13.4",
"nodeJs" => "version" : "v7.4.0",
"https" => "version" : "^1.0.0"
Please give me a proper guideline for this issue.
Basically the Apache server and nodejs server might be on the same port
for example
if node js server running on port 80 and your Apache server to port is also running port 80
try and set one of the server to port 8080
Is it somehow possible to create a Node.js https server in cloud9 IDE?
Below is my example of simple https server setup in Node.js.
var https = require('https');
var fs = require('fs');
var app = require('./app');
// SSL Configuration
var ca_names = ['CERT-NAME_1', 'CERT-NAME_2', 'CERT-NAME_3'];
var options = {
key: fs.readFileSync('./folder/server.key'),
cert: fs.readFileSync('./folder/server.crt'),
ca: ca_names.map(function(n) {
return fs.readFileSync('./eid/ca/' + n + '.crt');
}),
//crl: ca_names.map(function(n) { return fs.readFileSync('/eid/ca/' + n + '.crl'); }),
requestCert: false,
rejectUnauthorized: false
};
var server = https.createServer(options, app);
server.listen(process.env.PORT || 8081, process.env.IP || "0.0.0.0");
console.log('server listening on port: ' + process.env.PORT);
when I try to connect to the server then I am getting following error:
"ECONNRESET: Request could not be proxied!"
I think the problem is you are trying to listen to both HTTP and HTTPS.
c9 works as a proxy so you only need to listen on HTTP even though you are trying to use HTTPS. Try not listening to HTTPS and it should work. (more info on this)
But, if you really need HTTPS, in that case you can use a proxy like Nginx to internally proxy requests over HTTPS.(more info on this)enter link description here
So I am new to express and io but I had a server running fine for webRTC but now there is a deprecated method in webRTC that only runs on https so I tried to create an https server but it starts and then immediately exits. I cannot figure out what is wrong and I do not get any errors. Also I am using an aws ec2 to run the express io server. Maybe someone can spot where in my syntax/implementation I am going wrong.
Note I have been googling around for the past half hour and cannot figure it out
Here is the code:
var connect = require('connect');
var https = require('https');
var fs = require('fs');
var express = require('express.io');
var app = express();
//app.http().io();
var PORT = 443;
var options = {
key: fs.readFileSync('../server.key'),
cert: fs.readFileSync('../server.crt')
};
app.https(options).io();
//var app = https.createServer(options, app1);
console.log('server started on port ' + PORT);
app.use(express.static(__dirname + '/public'));
app.get('/', function(req, res){
res.render('index.ejs');
});
app.listen(PORT);
app.io.route('ready', function(req) {
req.io.join(req.data.chat_room);
req.io.join(req.data.signal_room);
app.io.room(req.data).broadcast('announce', {
message: 'New client in the ' + req.data + ' room.'
})
})
Update
I am putting a bounty on this because I would like someone to provide me with a complete answer on setting up the server for production.
You need to add a rule for port 443 in a Security Group for your instance.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html might help.
I try to use express in node.js with https.
Here the relevant code for this parts:
var express = require("express");
var app = express();
var https = require('https');
var privateKey = fs.readFileSync('./sslcert/mykey.key', 'utf8');
var certificate = fs.readFileSync('./sslcert/mssl.crt', 'utf8');
var credentials = {key: privateKey, cert: certificate};
https.createServer(credentials, app).listen(5008, function(res){
console.log("Listen to: " + port)
});
In the console, it prints Listen to: 5008, but I don't see that my server get any request, even though I sent some.
When I use express without the ssl extension, everything works fine.
EDIT:
Here the code which works OK with port 5008, but without the ssl part:
var express = require("express");
var app = express();
app.listen(5008, function () {
console.log("Listening on " + port);
});
What I do wrong?
You have to specify https://, otherwise the browser/client will not know to use SSL when connecting, no matter what port is used (the default of 443 or otherwise).
Is there a way to serve two https sites on the same port from node alone (i.e. without something like nginx)?
I'm using the https module, for which SSL options (e.g. key/cert/ca) are passed into createServer. I tried creating two https servers, each listening to a different hostname, and each with SSL options specific to that hostname:
require('https').createServer(sslOptsForFoo, expressApp).listen(443, 'foo.com');
require('https').createServer(sslOptsForBar, expressApp).listen(443, 'bar.com');
But this throws an error:
Error: listen EADDRINUSE
Another idea is to create a single server rather than two, and to use different SSL options depending on the request's hostname, but I'm not sure if this is possible.
You can only do this with SNI so you may want to check for SNI support with various browsers first.
Here's one way to do SNI in node:
var https = require('https'),
fs = require('fs');
// default for non-matching requests
var serverOptions = {
key: fs.readFileSync('default.pem'),
cert: fs.readFileSync('default.crt')
};
var SNIContexts = {
'foo.com': {
key: fs.readFileSync('foo.com.pem'),
cert: fs.readFileSync('foo.com.crt')
},
'bar.com': {
key: fs.readFileSync('bar.com.pem'),
cert: fs.readFileSync('bar.com.crt')
}
};
var server = https.createServer(serverOptions, function(req, res) {
res.end('Hello world via ' + req.socket.cleartext.servername);
});
server.addContext('foo.com', SNIContexts['foo.com']);
server.addContext('bar.com', SNIContexts['bar.com']);
server.listen(443, function() {
console.log('Listening on 443');
});