I've purchased a Comodo SSL certificate to make SSL server with express. I have these files.
AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
mysite.com.key
mysite.com.csr
mysite_com.crt
According to a lot of documents I need .pem files. But nobody is saying what is that .pem files?
var options = {
key: fs.readFileSync('/key.pem'),
cert: fs.readFileSync('/cert.pem'),
ca: fs.readFileSync('/ca.pem')
};
It'd be great if there is a tutorial.
Try this answer. PEM is just a format than other SSL formats, and is very common.
Comodo may have already provided you a .pem file, but just named it .crt.
OR you may be able to request a .pem file in place of a DER-formatted file.
OR, you can use OpenSSL to convert from one format to another.
openssl rsa -inform DER -outform PEM -in mysite.com.key -out mysite.com.key.pem
openssl x509 -inform DER -outform PEM -in mysite.com.crt -out mysite.com.crt.pem
Simply start ssl OR simple way to use PEM NPM
var https = require('https'),
connect = require('connect'),
fs = require("fs");
var port = 3000;
var options = {
key: fs.readFileSync('/key.pem'),
cert: fs.readFileSync('/cert.pem'),
ca: fs.readFileSync('/ca.pem')
};
var app = express();
/* express setting */
server = require('https').createServer(options, app),
server.listen(port);
PEM npm is easiest way to start node server with SSL
like
$> npm install pem
var https = require('https'),
pem = require('pem'),
express = require('express');
pem.createCertificate({days:1, selfSigned:true}, function(err, keys){
var app = express();
https.createServer({key: keys.serviceKey, cert: keys.certificate}, app).listen(443);
});
Related
I would like to create a websocket using ws.
I use Nginx.
In my Nginx configuration that redirects "gateway.example.com" to "http://127.0.0.1:3006".
In my Cloudflare configuration (DNS), there is gateway to SERVER_IP.
// For "generate" the websocket. There are the Cloudflare key & cert.
const server = require("https").createServer({
cert: require("fs").readFileSync('./src/router/api/v1/cert.pem'),
key: require("fs").readFileSync('./src/router/api/v1/key.pem')
});
server.listen(3006)
const wss = new WebSocket.Server({
server
});
It was a problem with nginx. We need a special configuration for ws (upgrade).
I'm trying to get SSL https working on my nodejs server but the browser returns a ERR_SSL_PROTOCOL_ERROR
code:
var express = require('express');
var https = require('https');
var http = require('http');
var fs = require('fs');
var options = {
key: fs.readFileSync('key.pem'),
cert: fs.readFileSync('cert.pem')
}
http.createServer(app).listen(80);
https.createServer(options, app).listen(443);
This will happen if your key isn't generated correctly.
A lot of places will tell you to do this:
openssl genrsa -out key.pem
That will not work if you're on a Mac, and instead you need to do this to make the key length 2048:
openssl genrsa -out key.pem 2048
In summary, do these steps to make a correct key on Mac:
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out client.csr
openssl x509 -req -in client.csr -signkey key.pem -out cert.pem
I'm trying to make a start at Service Workers and read you require to have an ssl cert.
I've Got an AngularJS 1.x application and a Node Express back end, and I run both independently so I I use grunt serve to run the front end on port 8443 and I use node app.js to run express which is on 7443.
note: I'm doing this on macOS
I used the guide on how to set up https on a project that uses Grunt: here
openssl genrsa -out livereload.key 1024
openssl req -new -key livereload.key -out livereload.csr
openssl x509 -req -in livereload.csr -signkey livereload.key -out livereload.crt
Gruntfile.js
options: {
protocol: 'https', // or 'http2'
port: 8443,
hostname: '0.0.0.0',
key: grunt.file.read('livereload.key'),
cert: grunt.file.read('livereload.crt')
},
node app.js
var privateKey = fs.readFileSync('../livereload.key', 'utf8');
var certificate = fs.readFileSync('../livereload.crt', 'utf8');
var credentials = {key: privateKey, cert: certificate};
httpsServer.listen(7443, config.ip, function () {
console.log('Express server listening on %d, in %s mode', 7443, app.get('env'));
});
Both start with no errors, the front end does complain the connection is not private. When my front end tried to hit an endpoint on the express server I receive the following;
OPTIONS https://localhost:7443/api/census/general net::ERR_INSECURE_RESPONSE
Could someone please assist on this problem of mine.
You have created a self-signed certificate, which is fine for development and testing but is considered unsafe for general use. Unlike SSL certificates purchased from reputable third-parties, self-signed certificates are untrusted by default.
You will need to tell your OS to explicitly trust the certificate. I'm unfamiliar with Mac OS but this question was previously answered on SuperUser.
Earlier i used a self signed certificate and created a https server on node js using
var privateKey = fs.readFileSync( 'key.pem' );
var certificate = fs.readFileSync( 'cert.pem' );
var app = express();
https.createServer({
key: privateKey,
cert: certificate,
passphrase:'abc123'
}, app).listen(1111);
I have now purchased and verified an SSL certificate from GoDaddy.I have downloaded the SSL certificate from GoDaddy and got 2 files :
1) d752ec439hdwudbdh7.crt:
-----BEGIN CERTIFICATE-----
........
-----END CERTIFICATE-----
2)gd-bundle-g2-g1.crt:
-----BEGIN CERTIFICATE-----
........
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
........
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
........
-----END CERTIFICATE-----
What files are these and how do i configure these files to use with https.createServer
d752ec439hdwudbdh7.crt is your site's certificate generated by GoDaddy. It corresponds to your cert.pem file. As the format of the file provided by GoDaddy is actually PEM (base64 encoded data beginning with the ----BEGIN text), you can use it as it is without having to convert formats.
gd-bundle-g2-g1.crt is the set of certificates (one or more intermediate certificates and optionally, a root certificate) that is used to verify trust. This chain of certificates is what browsers and other user agents use to determine if the certificate was granted by GoDaddy, and if GoDaddy is someone they trust. You will need to use the ca option in https.createServer and specify the path to this file. Again, the file format is what is expected by node/ express and you can just rename it to something sensible and use it like this:
var privateKey = fs.readFileSync( 'key.pem' );
var certificate = fs.readFileSync( 'cert.pem' );
var caBundle = fs.readFileSync( 'ca.pem' );
var app = express();
https.createServer({
key: privateKey,
cert: certificate,
ca: caBundle,
passphrase:'abc123'
}, app).listen(1111);
Once done, I'd recommend checking your site against an online scanner like SSL Labs Server test to ensure that your site does not show any certificate related errors. It'd also be good to fix any other misconfiguration reported there.
I used OpenSSL to generate a certificate with the following steps:
~/openssl genrsa -out server.key 2048
~/openssl req -new -x509 -key server.key -out server.crt -days 730
And then loaded these files into node.js
var https = require('https');
var privateKey = fs.readFileSync('./server.key', 'utf8');
var certificate = fs.readFileSync('./server.crt', 'utf8');
var credentials = {
key: privateKey,
cert: certificate
};
var app = express();
var httpsServer = https.createServer(credentials, app);
This way, my server was running as expected. But in Chrome, when i click View Site Information, it was saying that I use an "obsolete cipher suite"..
So I checked Google's certificate, and it was saying a "modern cipher suite".
Only difference between my self-signed certificate and Google's was the Key Exchange Algorithm which was RSA on my side and ECDHE_ECDSA on Google's side.
So I decided to create a new certificate using;
~/openssl ecparam -name prime256v1 -genkey -param_enc explicit -out server.key
~/openssl req -new -x509 -key server.key -out server.crt -days 730
Files are created, and node.js gives no error about anything. But when I try to connect to server, my browser simply closes the connection (ERR_CONNECTION_CLOSED) with no indication of error on both server and client side.
I tried different private keys with different parameters but no luck. A simple error message somewhere would help a lot but I'm stuck for hours Googling about how to create Modern Ciphers, trying those out and end up having nothing.
So my question is, how am I supposed to create a self-signed strong/modern cipher (with openssl) that can work with Node.js https module?