Server aborted the SSL handshake error - node.js

I can't get a server running behind HTTPS working node.js. My goal is to get a Hapi server running with a self-signed certificate.
This was how I generated my self-signed certificate:
openssl genrsa -out key.pem
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
rm csr.pem
This is how I start the server in Hapi:
server.connection({
port: 9920,
tls: {
key: fs.readFileSync(path.resolve(__dirname, './cert/key.pem')),
cert: fs.readFileSync(path.resolve(__dirname, './cert/cert.pem')),
rejectUnauthorized: false
},
routes: {
cors: true
}
});
In order to verify it wasn't a Hapi only issue, I verified that this also doesn't work in vanilla node.js:
var https = require('https');
var fs = require('fs');
var options = {
key: fs.readFileSync(path.resolve(__dirname, './cert/key.pem')),
cert: fs.readFileSync(path.resolve(__dirname, './cert/cert.pem')),
rejectUnauthorized: false
};
var a = https.createServer(options, function (req, res) {
res.writeHead(200);
res.end("hello world\n");
}).listen(8000);
Both of these servers throw the same error in curl:
$ curl -kiv https://localhost:9920
* Rebuilt URL to: https://localhost:9920/
* Trying ::1...
* connect to ::1 port 9920 failed: Connection refused
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 9920 (#0)
* Server aborted the SSL handshake
* Closing connection 0
curl: (35) Server aborted the SSL handshake
Versions:
node: v4.1.1
npm: 3.4.0
What's going on?

Not an expert on ssl as not used it much but if you check this code the options set is different to what you have configured.
https://github.com/hapijs/university/blob/master/lib/config.js#L6
The key and cert may have not been created correctly, check these docs to ensure you are using methods properly hapi & node

Related

How to run NODE.JS (Socket.io) - CENTOS 7 with SSL domain?

My socket.io project "xampp" works fine for localhost.
I have a Centos 7 (cPanel) server. I did everything when I threw files into my server. I wrote the command "nodemon server.js" and the server is running. But I am having SSL-related problems with Client.
My site has SSL. I'm using CloudFlare. For this reason, the client cannot communicate with the server.
My project is running when I disable SSL.
How does Socket.io work with SSL?
CLOUDFLARE:
CHROME CONSOLE LOG:
Client CODE:
var socket = io.connect('https://example.com:1347');
Server.js CODE
var server = require('https').createServer(),
io = require('socket.io')(server),
port = 1337;
server.listen(port);
Firstly if you use CloudFlare. You should know SSL Ports.
HTTPS ports supported by Cloudflare:
443 2053 2083 2087 2096 8443
Use whichever port is empty on your server. Recommended: (8443)
Connect to your server with PUTTY. Then locate the directory of the domain on your server. If you are using cpanel. Follow this road.
cd /home/domainname/public_html
You will come to the site's home directory.
Then you need to create the necessary files for SSL to the server. Enter the individual commands below.
openssl genrsa -out privatekey.pem 2048
openssl req -new -key privatekey.pem -out certrequest.csr
openssl x509 -req -in certrequest.csr -signkey privatekey.pem -out certificate.pem
Client CODE:
var socket = io.connect('https://example.com:8443', {secure: true});
Server.js CODE
var fs = require('fs');
var https = require('https');
var options = {
key: fs.readFileSync('privatekey.pem'),
cert: fs.readFileSync('certificate.pem')
};
var server = https.createServer(options);
var io = require('socket.io').listen(server);
var port = 8443; // Enter any of the cloudflare ports.
server.listen(port, function(){
console.log('listening : ' + port);
});

Self signed certificate: I am missing the relation between browser and server

I created a Self Signed certificate using openSSL using this command:
openssl req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj '/CN=localhost' -extensions EXT -config <( \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
I have a Express/Node server using it through this code:
https
.createServer(
{
key: fs.readFileSync("/Users/Me/.localhost-ssl/localhost.key"),
cert: fs.readFileSync("/Users/Me/.localhost-ssl/localhost.crt")
},
app
)
.listen(8080, () => console.log(env + " Server listening on port 8080"));
I started this server and it's running through https. I have a client (based on create-react-app) running in the same machine, different port, trying to connect to this server on port 8080.
On the first run, I trusted the certificate after Chrome said that it was invalid and, as the picture below shows, my client app does not complain about the certificate:
However, the client can't retrieve data from the server. The client shows this error:
Here my keychain picture, showing this certificate:
What is missing? Do I need 2 certificates in my keychain? Because I am running the client and the server in the same machine.

Node.js HTTPS configuration error - no common encryption algorithm(s)

I have seen other similar questions but non addresses my problem. I have generated my TLS (openSSL) Self-Signed certificate, but seems not working on my NodeJS server.
Instructions to generate SSL
openssl req -newkey rsa:2048 -keyout key.pem -x509 -days 365 -out certificate.pem
openssl x509 -text -noout -in certificate.pem
openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
openssl pkcs12 -in certificate.p12 -noout -info // verify certificate
So at the end I have .p12 also known as PFX type certificate. Below is my Node.js code:
// ------- Start HTTPS configuration ----------------
const options = {
pfs: fs.readFileSync('./server/security-certificate/certificate.p12'),
passphrase: 'secrete2'
};
https.createServer(options, app).listen(8443);
// -------- End HTTPS configuration -----------------
// Also listen for HTTP
var port = 8000;
app.listen(port, function(){
console.log('running at localhost: '+port);
});
Here is the output when I run curl command, the HTTP request is served correctly, only HTTPS has problem:
Moreover, if I do this:
export CURL_CA_BUNDLE=/var/www/html/node_app/server/security-certificate/cert.p12
Then I get following error:
curl: (77) Problem with the SSL CA cert (path? access rights?)
If I try to access in browser with HTTPS and port, browser says it could not load the page.
Reference links I followed:
Node.js HTTPS:
https://nodejs.org/dist/latest-v8.x/docs/api/https.html#https_https_createserver_options_requestlistener
I'm using AWS RedHat Linux
So far don't know the solution to the above posted problem related to my .p12 bundle certificate (used in my Node.js configuration).
However I have noticed that when I changed the code and tried to use the .pem certificate, it worked correctly with curl -k <MY-URL> command.
const options = {
cert: fs.readFileSync('./server/security-certificate/cert.pem'),
key: fs.readFileSync('./server/security-certificate/key.pem'),
//pfs: fs.readFileSync('./server/security-certificate/cert.p12'), // didn't work
passphrase: 'secrete'
};
https.createServer(options, app).listen(8443);
If any one knows better solution/answer please post that. So far, I'm not sure why .p12 certificate does not work. Should I rename it to .pfx (what is the different and effect)?

Running a simple HTTPS Node JS Server on Amazon EC2

I'm trying to create a simple https server on Amazon EC2 to test a third party API.
Here are the steps I've followed:
Created an Amazon EC2 instance, and opened up HTTP and HTTPS ports:
Created simple ssl credentials using
openssl genrsa 2048 > privatekey.pem
openssl req -new -key privatekey.pem -out csr.pem
openssl x509 -req -days 365 -in csr.pem -signkey privatekey.pem -out
server.crt
Created a simple node js server
var https = require('https');
var fs = require('fs');
var options = {
key: fs.readFileSync('./privatekey.pem'),
cert: fs.readFileSync('./server.crt')
};
https.createServer(options, function (req, res) {
res.writeHead(200);
res.end("hello world\n");
}).listen(8080);
When I run the server, and attempt to connect to it using url https://ec2-XX-XXX-XXX-XXX.compute-1.amazonaws.com/, I keep getting a connection refused.
A telnet test also produces:
Trying XX.XXX.XXX.XXX...
telnet: connect to address XX.XXX.XXX.XXX: Connection refused
telnet: Unable to connect to remote host
Can someone please tell me what I need to fix to enable https on this EC2 instance?
Change your listen(8080) to listen(443) unless you have a web server listening on 443 and sending request to node on 8080.

Node.js can't reacive data from telegram bot websocket

I am trying to set up a telegram bot with nodejs https server with self singed certificate.
ssl certificate:
openssl req -newkey rsa:2048 -sha256 -nodes -keyout key.pem -x509 -days 365 -out crt.pem -subj "/C=IR/ST=A.Sh/L=Tabriz/O=DominoSystem/CN=5.235.36.42"
The very simple server:
var options = {
key : fs.readFileSync(__dirname + '/key.pem'),
cert: fs.readFileSync(__dirname + '/crt.pem')
};
https.createServer(options, function (req, res) {
console.log('https server');
console.log(req.url);
res.end('yoo hooo');
}).listen(8443,'0.0.0.0');
The server is accessible from internet : https://5.235.36.42:8443/
Telegram bot setWebhook returns ok {"ok":true,"result":true,"description":"Webhook was set"}
I can see in my filewall logs and DU Meters "Open TCP Connections" that nodejs.exe is receiving a connection from one of telegram's data centers and it always have the status ESTABLISHED and sometimes SYN_RCVD and then closes with send&receive=0KB but my nodejs server is not receiving any requests.
I have allowed my firewall(Comodo) to ACCEPT all incoming connections on port 8443.
I have been bashing my head around for 2 days now :( can someone help me pliz...
Windows 8.1 x64, Nodejs 5.9.1
OK, fixed it myself, it seems that Telegram didn't like the certificate generated by openssl on windows (8.1).
I generated the certificate on my linux (CentOS6) server and now it works :D, both in the server and in the local dev machine.

Resources