Long story short, I build an app for my company, bundle up, then it is required a https server for app to release. I want to do it with express.js. How? BTW, I don't want to bother CA for certificate and key, can I use openssl to self generate all of that, and make it running?
var options = {
key: fs.readFileSync('./keys/myserver.key'),
cert: fs.readFileSync('./keys/myserver.crt'),
passphrase: '1234'
};
How do I get myserver.key and myserver.crt?
Super delayed answer but you can generate them with your terminal.
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365
Related
i am using saml method generateServiceProviderMetadata because my IDP need metadata and entityId for my application . generateServiceProviderMetadata method need 2 parameters (decryptionCert, signingCert) for this we have to pass decryptionPvk(decryption_key) privateCert(signing_key) to saml strategy .
for genrating pem i used command
$ openssl req -x509 -newkey rsa:4096 -keyout signing_key.pem -out signing_cert.pem -nodes -days 900
$ openssl req -x509 -newkey rsa:4096 -keyout decryption_key.pem -out decryption_cert.pem -nodes -days 900
but open ssl is self signed certificate(self signed will not work), On aws ec2 domain can i use aws certificate so i can genrate meta data
Can Anyone Help Me Out
i need metadata and entityId for my saml application so i can give that to IDP
I have created a socketcluster nodejs app. I followed their official docs to deploy the service to Google K8s Engine. However the ingress service is not running up and complains about :
Error:googleapi: Error 400: The SSL key is too large., sslCertificateKeyTooLarge
I tried following certificates:
4048 Key size certificate from Let'sEncrypt
2048 Key size using cert created using Open SSL.
Both of them result the the same error.
Do any one know how do I resolve this? And where do I get proper certificate for enabling TLS?
IIRC, only RSA-2048 and ECDSA P256 keys are supported:
openssl genrsa -out PRIVATE_KEY_FILE 2048
openssl ecparam -name prime256v1 -genkey -noout -out PRIVATE_KEY_FILE
I also struggled due to this error on using Letsencrypt certs with 4096bit private key to a GKE ingress - even creating the secret worked fine for [1].
Finally overcame with editing "/etc/letsencrypt/cli.ini"
rsa-key-size = 2048
issued new certificate, keyfile and put those into secret.
[1] https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-multi-ssl
On Cloud Shell, GCP with "openssl" and "gcloud", I tried to create a self-managed SSL certificate first running this command below to create "myCert.crt" and "myKey.key":
openssl req -new -newkey rsa:4096 -x509 -days 365 -nodes -out myCert.crt -keyout myKey.key
Then, ran this command below to create the self-managed SSL certificate "mycert" using "myCert.crt" and "myKey.key":
gcloud compute ssl-certificates create mycert --certificate=myCert.crt --private-key=myKey.key
But I got a similar error to yours:
ERROR: (gcloud.compute.ssl-certificates.create) Could not fetch
resource:
The SSL key is too large.
So I changed "rsa:4096" to "rsa:2048" then ran the first command again:
// "4096" is changed to "2048"
openssl req -new -newkey rsa:2048 -x509 -days 365 -nodes -out myCert.crt -keyout myKey.key
Then, ran the second command again:
gcloud compute ssl-certificates create mycert --certificate=myCert.crt --private-key=myKey.key
Finally, I could create the self-managed SSL certificate "mycert":
Created
[https://www.googleapis.com/compute/v1/projects/myproject-923743/global/sslCertificates/mycert].
NAME: mycert TYPE: SELF_MANAGED CREATION_TIMESTAMP:
2022-01-22T07:22:26.058-08:00 EXPIRE_TIME:
2023-01-22T07:22:08.000-08:00 MANAGED_STATUS:
I have an Outlook Web Add-In, running on node server, locally I need it to run with a valid ssl cert to debug in IE.
In Chrome it looks like this
I have built a cert using the following command line
C:\OpenSSL-Win32\bin\openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
I run the application using VS Code and the command line npm start
My env file is .env.development.local
it contains one line HTTPS = 'true'
I have looked at
https://www.npmjs.com/package/serve-https
It appears to look like that is not used for development
So inside scripts\start.js file what do I need to get it to respect the ssl cert.
I am trying to set up Mosca MQTT broker which is based on node.js
From the documentation below,
https://github.com/mcollina/mosca/wiki/TLS-SSL-Configuration
var mosca = require('mosca')
var SECURE_KEY = __dirname + '/../../test/secure/tls-key.pem';
var SECURE_CERT = __dirname + '/../../test/secure/tls-cert.pem';
Where do I get tls-key.pem and tls-cert.pem?
From the link https://github.com/mcollina/mosca/wiki/TLS-SSL-Configuration in your question, you are directed to another link https://nodejs.org/api/tls.html#tls_tls_ssl
Now, follow the instructions in this link.
$ openssl genrsa -out tls-key.pem 2048
$ openssl req -new -sha256 -key tls-key.pem -out ryans-csr.pem
$ openssl x509 -req -in ryans-csr.pem -signkey tls-key.pem -out tls-cert.pem
There you go. You should have your pem files.
It all depends on what you want to use the broker for.
If it's for simple private playing then you can create your own self signed certificate with openssl (details here)
openssl genrsa -des3 -out tls-key.pem 1024
openssl req -new -key tlk-key.pem -out server.csr
cp tlk-key.pem tls-key.pem.org
openssl rsa -in tls-key.pem.org -out tls-key.pem
openssl x509 -req -days 365 -in server.csr -signkey tls-key.pem -out tls-cert.pem
or if you are planning to do client authentication using certificates as well then can create your own Certificate CA and create a certificate signed by this. This is a longer process, details can be found here
Or finally if you want to make a service available publicly then you probably should really get a certificate signed by a real CA. Normally these would cost money, but the Let's Encrypt group will issue certificates with 90days of life for free and have an API which lets you renew the certificate before it expires. Details here
I'm using OpenSSL to avoid pay for it. In my server is runing IIS 8 and Windows Server 2012.
I created my certificate this way:
Used IIS to create a certificate request
Used the following command to create a RSA private key
openssl genrsa -des3 -out cakey.pem 2048
After that I used this command to generate a certificate
openssl req -new -key cakey.pem -x509 -days 1825 -extensions v3_ca -out ca.crt
Finally I signed the certificate request using this:
openssl x509 -req -days 365 -in certreq.txt -CA ca.crt -CAkey cakey.pem -CAcreateserial -out iis.cer
But when I navigate to the website I get an "error" telling me that this is an "Untrusted certificate": The security certificate presented by this website was not issued by a trusted certificate authority.
What you get from OpenSSL tool is a self signed certificate. Of course it is not trusted by any browser, as who can say you are worth the trust.
Please buy a certificate if you want to set up a public web site. That's something you must pay, just like the public domain name.
Instead, if you are hosting an internal web site for your company, there are ways to set up your own CA, such as using Microsoft Active Directory Certificate Services.
Updated in 2018: Today there are more options to get free certificates, such as Let's Encrypt. Check them out and make good use of them.
Did you install your CA certificate into your browser before trying to visit the IIS server running the certificate you generated under the CA hierarchy? Here's some information about that step.