Recently I bought an SSL certificate.
Now I have 5 files:
1) COMODORSADomainValidationSecureServerCA.crt
2) COMODORSAAddTrustCA.crt
3) AddTrustExternalCARoot.crt
4) www_photoshooter_gr.crt
5) key.key (which is the private key)
I know that I have to create an https nodejs server like this sample
var https = require('https');
var fs = require('fs');
// Read the PEM-encoded private key and certificate once, at startup.
var opts = {
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem'),
};

// Every request that arrives over TLS gets the same fixed body.
const handleRequest = (req, res) => {
  res.end('secured!');
};

https.createServer(opts, handleRequest).listen(4443);
but I don't have .pem files!!! How can I create them?
I do it like so :
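// HTTPS server for the Express app, using the CA-issued certificate.
// key:  the private key that matches the certificate.
// cert: the certificate issued for the site.
// ca:   the CA certificate file supplied with it. Node's documentation puts intermediate
//       certificates in `cert`, after the site certificate; confirm with an external TLS
//       check that clients receive the complete chain.
// requestCert / rejectUnauthorized are left out: together they asked every visitor for a
// client certificate and then accepted the connection whether or not one was presented or
// verified, which a site that does not authenticate clients by certificate has no use for.
var server = https.createServer({
  key: fs.readFileSync('secret/server.key'),
  cert: fs.readFileSync('secret/server.crt'),
  ca: fs.readFileSync('secret/ca.crt'),
}, app);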
Where app is an Express app.
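You can replace server.key with key.key, server.crt with www_photoshooter_gr.crt and ca.crt with COMODORSADomainValidationSecureServerCA.crt. The .pem extension itself is not required: if the .crt and .key files are text files that begin with a `-----BEGIN` line, they are already PEM-encoded and can be passed to fs.readFileSync as they are.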
Related
I am trying to add an SSL certificate to my Nodejs website.
const fs = require('fs');
const https = require('https');
// TLS options for the HTTPS server: private key and certificate, both read as UTF-8 text at startup.
const options = {
key: fs.readFileSync('./ssl/private.key', 'utf8'),
cert: fs.readFileSync('./ssl/certificate.crt', 'utf8'),
// NOTE(review): requestCert asks every client for a certificate, and rejectUnauthorized: false
// lets the handshake continue when that certificate is missing or fails verification. Neither
// option is needed to serve a site certificate to browsers.
requestCert:true,
rejectUnauthorized: false
};
// An HTTPS server is created around app here, but nothing below calls server.listen().
var server = https.createServer(options, app);
// NOTE(review): if app is an Express app, app.listen() starts Express's own plain-HTTP server on
// this port, so the TLS options above are never applied to incoming connections.
app.listen(process.env.PORT || 443, () => {
// The message is a fixed string; the port actually used is process.env.PORT or 443.
console.log('Server is running on 3000!')
})
The app does not throw any error, but when I try to connect, Chrome still reports that the connection is not secure.
I changed my code to:
// Load the key, the CA bundle and the site certificate (in that order) before creating the server.
const tlsOptions = {
  key: fs.readFileSync('./ssl/private.key'),
  ca: fs.readFileSync('./ssl/ca_bundle.crt'),
  cert: fs.readFileSync('./ssl/certificate.crt'),
};

// listen() is called on the HTTPS server itself, so the TLS options are in effect on port 443.
const secureServer = https.createServer(tlsOptions, app);
secureServer.listen(443);
and it worked
I have had a problem since I activated Let's Encrypt on my domain; I didn't have any problem with the HTTP server before.
Here is my app.js code:
var app = require('express')();
var fs = require('fs');
var https = require('https');
// Create the HTTPS server around the Express app and start listening on port 5221.
var secureServer = https.createServer({
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.cert'),
ca: fs.readFileSync('server.cacert'),
// NOTE(review): requestCert asks every client for a certificate, and rejectUnauthorized: false
// accepts the connection whether or not one is presented or verifies. Unless the application
// inspects the client certificate itself, both options can be dropped.
requestCert: true,
rejectUnauthorized: false
}, app).listen(5221, function() {
// Runs once the server is listening; it says nothing about whether any client has connected.
console.log("Secure Express server listening on port "+ 5221);
});
// Socket.IO is attached to the TLS server only.
// NOTE(review): clients presumably have to connect with an https:// (wss://) URL on port 5221
// for the 'connection' event to fire - confirm against the client code.
var io = require('socket.io')(secureServer);
The "Secure Express server listening on port 5221" message is printed, but nothing more happens, and the code in:
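// Log each new Socket.IO connection together with its socket id.
io.on('connection', function (socket) {
  console.log(`Socket ${socket.id} connected.`);
});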
is not working at all.
I've also tested with .pem files, with ca.crt or without that... but nothing changes.
I have a node js server described as this:
const fs = require('fs');
const https = require('https');
const path = require('path');
const log = require('./lib/log');
// HTTPS server that requires a client certificate (mutual TLS) and listens on port 8080.
const server = https.createServer({
key: fs.readFileSync(path.join(__dirname, 'server.key')),
cert: fs.readFileSync(path.join(__dirname, 'server.crt')),
// Client certificates are verified against the certificates in this list.
// NOTE(review): if the client certificate was issued by an intermediate CA, that intermediate
// presumably has to be in this list as well (or be sent by the client) - verify against the
// actual chain of the client certificate.
ca: [fs.readFileSync(path.join(__dirname, 'ca.pem'))],
// requestCert + rejectUnauthorized: true: a handshake whose client certificate does not verify
// is aborted, so the request handler below is never reached for it.
// NOTE(review): to see why a certificate is refused, listen for the server's 'tlsClientError'
// event, or, in a test environment only, set rejectUnauthorized to false and log
// socket.authorized, socket.authorizationError and socket.getPeerCertificate() in the handler.
requestCert: true,
rejectUnauthorized: true
// The handler takes no arguments and only logs, so no response is written to the client.
}, function() { log.debug('ok'); });
server.listen(8080, () => log.info(`Server listening on port 8080`));
My issue is that the certificate presented by the client gets rejected while it has been signed by this CA.
I've tried to use OpenSSL to be sure:
$ openssl s_server -key server.key -cert server.crt -accept 8080 -www -CAfile ca.pem -verify 5
verify depth is 5
depth=0 C = FR, O = MyO, OU = MyOU, CN = MyCN
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = FR, O = MyO, OU = MyOU, CN = MyCN
verify error:num=21:unable to verify the first certificate
verify return:1
Is there a way to have a verbose mode or to get the client's certificate?
I am trying to get both ws and wss working, on one WebSocket server.
This is what I currently have, only wss
var WebSocket = require('ws');
var https = require('https');
// Read the TLS private key and certificate from disk at startup.
// NOTE(review): fs is used here but is not required anywhere in this excerpt.
var privateKey = fs.readFileSync('cert/key.key');
var certificate = fs.readFileSync('cert/cert.crt');
// HTTPS server wrapping this.app; it is the only transport the WebSocket server is attached to.
var httpsServer = https.createServer({
// NOTE(review): ca is not defined anywhere in this excerpt.
ca: ca,
key: privateKey,
cert: certificate
}, this.app);
// Options for the ws server: reuse the HTTPS server above, disable per-message compression and
// cap the size of an incoming message at 4096 bytes.
var options = {
server: httpsServer,
perMessageDeflate: false,
maxPayload: 4096
};
var wss = new WebSocket.Server(options);
I know using Socket.io it is really easy, you can just do io.attach(httpServer) and io.attach(httpsServer).
// One app behind two listeners: plain HTTP on port 3002 and TLS on port 3003.
// Traffic that arrives on 3002 is not encrypted.
var httpServer = http.createServer(this.app);
var tlsMaterial = { key: privateKey, cert: certificate };
var httpsServer = https.createServer(tlsMaterial, this.app);

const announceHttp = function () {
  console.log('httpServer listening on port 3002');
};
const announceHttps = function () {
  console.log('httpsServer listening on port 3003');
};

httpServer.listen(3002, announceHttp);
httpsServer.listen(3003, announceHttps);

// A single Socket.IO instance is attached to both servers.
this.io = new ioServer();
this.io.attach(httpServer);
this.io.attach(httpsServer);
Is this even possible, using this WebSocket library?
my nodejs server currently uses a self-signed certificate as follows:
// TLS options for the current self-signed setup: key, certificate and CA certificate read at startup.
var sslOptions = {
key: fs.readFileSync('./self-ssl/server.key'),
cert: fs.readFileSync('./self-ssl/server.crt'),
ca: fs.readFileSync('./self-ssl/ca.crt'),
// NOTE(review): requestCert asks every client for a certificate, and rejectUnauthorized: false
// accepts the connection whether or not one is presented or verifies. Unless the application
// checks the client certificate itself, the pair adds no authentication.
requestCert: true,
rejectUnauthorized: false
};
// The value returned by createServer() is assigned to the name https, so from here on https
// refers to the server object rather than to the module.
https = require('https').createServer(sslOptions, app);
I want to change this to use a 3rd party certificate, I have received a RapidSSL certificate for my domain which is copied in ./ssl/mactester_com_ee.crt.
My question is how do I edit the old self-signed code to use the new 3rd party certificate?
Thanks,
Found the answer:
// CA-issued certificate: only the private key and the issued certificate are configured, and the
// client-certificate options of the self-signed setup are gone.
// NOTE(review): if the CA also supplied intermediate certificates, clients may need them to build
// the chain - verify with an external TLS check.
var sslOptions = {};
sslOptions.key = fs.readFileSync('./ssl/server_private.key');
sslOptions.cert = fs.readFileSync('./ssl/3rdparty.crt');

// The server object is stored under the name https, as in the original setup.
https = require('https').createServer(sslOptions, app);