I've got an node.js app which was running perfectly on http.
Then I added self-signed cert to buildup and test ssl connection.
When it worked out (with chrome notify that somebody could steal something) I bought the ssl cert from local certifier.
When I put the new cert server starts up normally but the browser says:
Error code: ERR_CONNECTION_CLOSED
Now what could be the reason?
https = require('https'),
fs = require('fs');
var keys_dir = "./ssl/"
var sslOptions = {
key : fs.readFileSync(keys_dir + 'server.key'),
cert : fs.readFileSync(keys_dir + 'certificate.crt'),
ca: [fs.readFileSync(keys_dir + 'nazwa1.crt'), fs.readFileSync(keys_dir +'nazwa2.crt')]
};
https.createServer(sslOptions, app).listen(app.get('port'), function(){ *** });
the port is 443.
Key is RSA PRIVATE KEY. Cert is based on it.
Node -v v0.10.25
Well I fixed it:
I did check md5 of key and cert and they were different. So i recreated cert and all went nice and smooth.
Related
I have done instructions from this page: https://medium.com/#invingagan/an-express-https-server-with-a-self-signed-certificate-and-socket-io-42d1f02d4d1a
That is, I created a self signed certificate:
openssl req -nodes -new -x509 -keyout server.key -out server.cert
Then I use this server code:
var express = require('express');
var app = express();
var fs = require('fs');
app.use(express.static('public'));
const server = require('https').createServer({
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.cert')
},
app);
var io = require('socket.io')(server);
server.listen(1437, function () {
console.log('https and websocket listening on *:1437');
});
However, when I try to connect using socket.io client, I got this error:
index.js:83 GET https://localhost:1437/socket.io/?framespersecond=15&audioBitrate=22050&EIO=3&transport=polling&t=NJLEHQL net::ERR_CERT_AUTHORITY_INVALID
If I just copy and paste the URL in the browser URL field, I received the same error, so this is not a problem of socket.io client but the server miss to configure something.
I tried by creating a CA file and specify it in the call to createServer but it did not work either.
Any help?
Jaime
It turned out there was a problem when generating the certificate using openssl.
I don't really know what happened, but since I have an already issued a self signed certificate (the one that is used by Visual Studio when developing sites to be debugged using IISEXPRESS), I have exported that certificate using Digicert utility and I could finally connect using socket.io.
Regards
Jaime
I am using https package for running the program in https. I have proper ssl certificate and private key and bundle file. all these files included in my code. This https program also running without error. But when I connect front end to node js it doesn't connected. The error is "504 gateway Time out". Where is I make error? I host my code in azure.
const https = require('https');
//path for private key and certificate
let privateKey = fs.readFileSync('sslcert/server.key','utf8');
let certificate = fs.readFileSync('sslcert/server.crt','utf8');
var credential = {
key: privateKey,
cert: certificate,
};
var server = https.createServer(credential, app)
server.listen('8443',function() {
console.log('Listening on https://localhost:' + 8443);
});
Refer to this https://nodejs.org/api/net.html#net_server_listen_port_host_backlog_callback
So if you do not declare host for your server.listen() the default host should be 0.0.0.0 instead.
If you need to listen of specific address, you must define it after the port.
http.createServer(function (req, res) {
}).listen(8443, "0.0.0.0");
Your front server need to be on the same network subnet as your API.
I recently purchased a personal ssl certificate from Positive ssl. After i got everything sorted out with activating it and the validation, I was finally able to download the certificate files.
The files i got were:
www.niknet.ddns.net.ca-bundle
www.niknet.ddns.net.crt
www.niknet.ddns.net.p7b
Before I only used .key and .crt
and it worked great but now i am using the .ca-bundle and the .crt file
this is the code i use to include those files into the ssl library in node js
var httpPort = process.env.PORT || 80;
var httpsPort = process.env.PORT || 443;
var server = http.createServer(app).listen(httpPort);
var server = https.createServer({
secureProtocol : 'TLSv1_2_server_method',
ciphers : "AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH",
honorCipherOrder : true,
ca: fs.readFileSync(__dirname + '/niknet_ddns_net.ca-bundle'),
cert: fs.readFileSync(__dirname + '/niknet_ddns_net.crt')
},app).listen(httpsPort);
var io = require('socket.io').listen(server);
but I can't for the life of me get the certificate to work properly.
I just get this error
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
I've been reading other posts and have tried adding their code but nothing works.
I also read somewhere that the ssl or tls library for node.js is outdated and that my certificate could be too new. If that's true, are there any other third-party ssl libraries I could use?
run this command:
openssl req -nodes -new -x509 -keyout server.key -out server.cert
Just remember to set this to localhost:
Common Name (e.g. server FQDN or YOUR name) []: localhost
then
https.createServer({
key: fs.readFileSync('./ssl/server.key'),
cert: fs.readFileSync('./ssl/server.cert')
},app)
ERR_SSL_VERSION_OR_CIPHER_MISMATCH will appear if the added certificate are not indicated properly in the first argument of createServer().
tested key and crt with openssl using bellow command (try in browser https://hostname:8888).. and found the exact cipher missing.
openssl s_server -cert server.crt -key server.key -CAfile octopz.zende.sk.ca-bundle -accept 8888 -www
Then added to the nodejs code.
var server = https.createServer({
key: privateKey,
cert: certificate,
ca: certificateAuthority,
ciphers: [
"ECDHE-RSA-AES128-SHA256",
"DHE-RSA-AES128-SHA256",
"AES128-GCM-SHA256",
"RC4",
"HIGH",
"!MD5",
"!aNULL"
].join(':'),
}, app);
it worked!!
We have lots of dupes of this for other languages, but the closest I can find for nodejs is How to create an HTTPS server in Node.js? which is not specific or ERR_SSL_VERSION_OR_CIPHER_MISMATCH with node v7.9.0 https which is not answered. So:
SSL/TLS server including an HTTPS server needs a privatekey AND certificate/chain (with rare exceptions not applicable here). You can use a CA-issued cert (and chain) instead of a self-created (and usually self-signed) cert, as long as the CA-issued cert is for the same privatekey, but you must still provide the privatekey. You can use cert and key together, or you can combine the cert (and optionally chain) and key into a PKCS12-also-called-PFX file, and use pfx.
In addition to the Q you asked, and arguably offtopic for SO, don't use RC4. It's considered broken cryptographically, though still on average moderately difficult/costly in practice, and most standards for using SSL/TLS/HTTPS prohibit it for several years now, particularly rfc7465.
Following is the script I found on NodeJS Official Website:
// curl -k https://localhost:8000/
const https = require('https');
const fs = require('fs');
const options = {
key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};
https.createServer(options, (req, res) => {
res.writeHead(200);
res.end('hello world\n');
}).listen(8000);
I'm completely new to SSL thing. I read some tutorials on how to enable SSL on Nodejs but still quite not confident with the process.
I have a domain name (Godaddy), SSL (Namecheap) and Cloud Server (Digital Ocean with an application deployed on HTTP prefix).
Whenever I open my Login page of my website, Google Chrome mark it as "Not secure" so I wanted to add SSL to the website.
What things I need to do on the NodeJS server (Express) and what things I need to do on Namecheap? What will be the sequence of doing that? What are cmd lines to generate .pem .csr files?
I'm didn't found and comprehensive guide laying down all the steps in a concise manner so just laid down the steps concisely (if possible) with the links to the resources for further digging.
And also, how can I use express framework to create https server in liue of above script?
That script is correct for setting the certs for your https. If your site is public, as it seems, then you'll want to buy certs from your ssl service, Namecheap in your example. Then you would move them to your host and reference them in the options object in your example. However, you can generate your own ssl certs and that will work as well. Though, any users will be warned that they're not trusted since you self signed/created them. I suggest going with the Namecheap option.
Note: You only have an https server in your example and anyone attempting to access your site via http will receive a blank page. You'll need to also create an http server, via the following:
var http = require('http');
http.createServer(...);
I would suggest having the http server simply redirect to the https url.
My code and error is here:
no such directory found error:
key: fs.readFileSync('../private.key'),
cert: fs.readFileSync('../public.cert')
error, no such directory found
key: fs.readFileSync('./private.key'),
cert: fs.readFileSync('./public.cert')
Working code should be
key: fs.readFileSync(__dirname + '/private.key', 'utf8'),
cert: fs.readFileSync(__dirname + '/public.cert', 'utf8')
Complete https code is:
const https = require('https');
const fs = require('fs');
// readFileSync function must use __dirname get current directory
// require use ./ refer to current directory.
const options = {
key: fs.readFileSync(__dirname + '/private.key', 'utf8'),
cert: fs.readFileSync(__dirname + '/public.cert', 'utf8')
};
// Create HTTPs server.
var server = https.createServer(options, app);
This is my working code for express 4.0.
express 4.0 is very different from 3.0 and others.
4.0 you have /bin/www file, which you are going to add https here.
"npm start" is standard way you start express 4.0 server.
readFileSync() function should use __dirname get current directory
while require() use ./ refer to current directory.
First you put private.key and public.cert file under /bin folder,
It is same folder as WWW file.
I bought SSL Certificates from Godaddy for our website, with two web servers on the same AWS EC2 instance - Apache Tomcat and Node/Express.
After installing the SSL Certificates on both the web servers, https://example.com is opening (Apache), but the GET request from Apache to Node is failing.
The GET request to Node is working fine with the self-generated certificate (though it shows a crossed out https). When we replace that with CA certificates, it is not working. Please see the relevant code below.
var https = require("https"); // https server core module
var fs = require("fs"); // file system core module
var express = require("express"); // web framework external module
// Setup and configure Express http server. Expect a subfolder called
“static” to be the web root.
var httpApp = express();
httpApp.configure(function() {
httpApp.use(express.static(__dirname + "/static/"));
});
// Start Express https server on port 443
var webServer = https.createServer(
{
key: fs.readFileSync("/pathtokeys/ssl.private.key"),
cert: fs.readFileSync("/pathtokeys/1.crt"),
cert: fs.readFileSync("/pathtokeys/2.crt"),
cert: fs.readFileSync("/pathtokeys/3.crt"),
passprase:"miljul123$$$"
},
httpApp).listen(4431);
// Start Socket.io so it attaches itself to Express server
var socketServer = io.listen(webServer, {"log level":1});
var rtc = apsrtc.listen(httpApp, socketServer);
Any thoughts or suggestions? Thanks.