Can't start NodeJS HTTPS server. v0.10.23 - node.js

Some time ago I tried pretty much the same code on a previous version of nodejs and it worked (suppose we have a router already):
var https = require('https');
var fs = require("fs");
var crypto = require("crypto");
var private_key = fs.readFileSync("cert/domainname.key").toString();
var cert = fs.readFileSync("cert/domainname.crt").toString();
var options = crypto.createCredentials({
key: private_key,
cert: cert
});
var server = https.createServer(options, router);
server.listen(8080);
I got the error "Missing PFX or certificate + private key". Why is that? I passed both the private key and the certificate.

You shouldn't need to use crypto.createCredentials() or .toString() the file contents:
var options = {
key: fs.readFileSync('cert/domainname.key'),
cert: fs.readFileSync('cert/domainname.crt')
};
var server = https.createServer(options, router);
https.createServer() expects an options Object, with either a pfx or key and cert, rather than a credentials object created by crypto.createCredentials().
And using .toString() on the Buffers from readFileSync() will attempt to treat the binary as UTF-8 and convert to a UTF-16 String, which may actually cause data loss.
Side note: Unlike require(), fs paths like 'cert/domainname.key' will be relative to the current working directory. To treat them as relative to the current module file, you can combine them with __dirname.
fs.readFileSync(__dirname + '/cert/domainname.key')
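The data-loss point in the answer above, shown as an added example that is not part of the original thread: a key exported as PEM text survives `.toString()`, while the same key in binary DER form does not. The key is a throwaway generated for the demonstration, and the helper names `survivesToString` and `stillLoads` are hypothetical.

```javascript
const crypto = require('crypto');

// Constructed sample: one throwaway EC key, exported as PEM text and as binary DER.
const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const pemBuf = Buffer.from(privateKey.export({ type: 'pkcs8', format: 'pem' }));
const derBuf = privateKey.export({ type: 'pkcs8', format: 'der' });

// True when Buffer -> .toString() -> Buffer gives back exactly the same bytes.
function survivesToString(buf) {
  return Buffer.from(buf.toString(), 'utf8').equals(buf);
}

// True when the bytes still parse as a private key after the string round trip.
function stillLoads(buf, format) {
  const mangled = Buffer.from(buf.toString(), 'utf8');
  try {
    crypto.createPrivateKey({ key: mangled, format: format, type: 'pkcs8' });
    return true;
  } catch (err) {
    return false; // invalid UTF-8 sequences were replaced with U+FFFD
  }
}

console.log('PEM survives:', survivesToString(pemBuf), 'loads:', stillLoads(pemBuf, 'pem'));
console.log('DER survives:', survivesToString(derBuf), 'loads:', stillLoads(derBuf, 'der'));
```

Binary containers such as a .pfx file behave like the DER case, which is why the file contents should be passed as Buffers.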

See an example of using https with express here: https://github.com/steinfletcher/https-expressjs-example/blob/master/README.md

Related

Node HTTPS - mac verify failure when reading passphrase from process.env

This is my code for enabling https on node express server.
const express = require("express");
const path = require("path");
const https = require("https");
const fs = require('fs');
const crypto = require('crypto');
const passphrase = 'passphrase';
const options = {
pfx: fs.readFileSync('./cert/test.pfx'),
passphrase: passphrase,
secureOptions: crypto.constants.SSL_OP_NO_TLSv1
| crypto.constants.SSL_OP_NO_SSLv2
| crypto.constants.SSL_OP_NO_SSLv3
| crypto.constants.SSL_OP_NO_TLSv1_2,
}
const port = process.env.PORT || 8083;
const app = express();
...
This works fine if I hardcode the passphrase, or if the passphrase is in a variable. But when I am trying to read it from process.env.PASSPHRASE, it gives me "mac verify failure".
I can see that the process.env variable is being set by logging it in the app.
I have tried setting the variable as follows:
SET PASSPHRASE=passphrase
SET PASSPHRASE='passphrase'
SET PASSPHRASE="passphrase"
and in code:
passphrase: process.env.PASSPHRASE
passphrase: process.env.PASSPHRASE || 'passphrase'
passphrase: process.env.PASSPHRASE.toString()
None of these work.
I am on a Windows machine and I can see that the way I am setting environment variables seems to be correct, as I am also getting the PORT from process.env when running the server.
Shortly after posting the question, I realized that it must be a fault in how I am setting the environment variable.
This was how I was setting the variable and running the app:
SET HTTPS_PASSPHRASE=passphrase && node server-prod.js
It seems all that was required was to remove the space before the &&:
SET HTTPS_PASSPHRASE=passphrase&& node server-prod.js
The space was being considered a part of the value of the variable as well. I did not realize it sooner as the trailing space wasn't showing up in console.log.
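A preflight check for the failure described above, as an added example that is not part of the original post: it tests whether a passphrase read from the environment decrypts the key and, if not, reports stray whitespace or literal quote characters without printing the secret. It assumes an encrypted PEM key generated on the fly as a stand-in for the .pfx file; `makeSampleEncryptedKey` and `checkPassphrase` are hypothetical names.

```javascript
const crypto = require('crypto');

// Constructed sample: throwaway EC key, PEM-encoded and encrypted with `passphrase`.
function makeSampleEncryptedKey(passphrase) {
  const { privateKey } = crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
  return privateKey;
}

// Returns { ok, hints }. ok is true only if the passphrase decrypts the key.
// Hints describe the shape of the value, never the value itself.
function checkPassphrase(keyPem, passphrase) {
  if (typeof passphrase !== 'string' || passphrase.length === 0) {
    return { ok: false, hints: ['passphrase is not set'] };
  }
  try {
    crypto.createPrivateKey({ key: keyPem, format: 'pem', passphrase });
    return { ok: true, hints: [] };
  } catch (err) {
    const hints = ['key does not decrypt with this passphrase'];
    if (passphrase !== passphrase.trim()) {
      hints.push('value has leading or trailing whitespace (length ' + passphrase.length + ')');
    }
    if (/^(['"]).*\1$/.test(passphrase)) {
      hints.push('value is wrapped in literal quote characters');
    }
    return { ok: false, hints };
  }
}

const sampleKey = makeSampleEncryptedKey('passphrase');
// What `SET HTTPS_PASSPHRASE=passphrase && node ...` produces on cmd.exe: a trailing space.
console.log(checkPassphrase(sampleKey, 'passphrase '));
// In a real server, the second argument would be process.env.HTTPS_PASSPHRASE.
console.log(checkPassphrase(sampleKey, 'passphrase'));
```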

HTTPS TLS Settings in Node

I was looking through my codebase today, the portion which sets up the server and found the following lines:
var https = require('https');
https.globalAgent.options.secureProtocol = 'TLSv1_2_method';
function createHttpsServer(app) {
var https = require('https');
var fs = require('fs');
const options = {
secureProtocol: 'TLSv1_2_method',
// ...
};
var server = https.createServer(options, app);
return server;
}
It looked like code duplication to me and I am not sure why these do different things (or do they?).
A colleague of mine told me that the top one is for controlling TLS in HTTPS requests made from NodeJS, which in turn, gives us access to the https.agent which is used for all things related to client HTTP requests.
This was also compared to the ServicePointManager in the .NET world.
So do these methods both do different things? At some point, our code does:
var server = protocol === 'https' ? createHttpsServer(app) : createHttpServer(app);
Wouldn't that be using the same server at the end of the day?
var server = protocol === 'https' ? createHttpsServer(app) : createHttpServer(app);
The above line creates the same server; the only difference is that if the protocol is 'https' it will run on an HTTPS server (this requires an SSL certificate), whereas if the protocol is http it will run on an HTTP server.

Configure AdonisJS to listen to HTTPS

It seems to be obvious to a lot of people, since I really found nothing about how I can configure an AdonisJS app to listen to HTTPS...
Can you help me, please?
bootstrap/http.js
Replace Server.listen(Env.get('HOST'), Env.get('PORT')) with the following code.
If your certificate files are in the app/ssl folder, you can do this using:
const fs = require('fs')
const https = require('https')
const Helpers = use('Helpers')
var certOptions = {
  key: fs.readFileSync(Helpers.appPath() + '/ssl/<your-privatekey.pem>'),
  cert: fs.readFileSync(Helpers.appPath() + '/ssl/<your-certificate.pem>'),
}
// Node's server.listen() takes the port first, then the host
https
  .createServer(certOptions, Server.handle.bind(Server))
  .listen(Env.get('PORT'), Env.get('HOST'))

Broken HTTPS SSL in express-js server (net::ERR_CERT_COMMON_NAME_INVALID)

I have an express js application that I want to listen on HTTPS.
I had a .key file and a .crt file that were already in PEM format (they contained readable text, as this answer says to check), so I used OpenSSL with these commands (taken from the answer linked above, and before finding that answer I had tried using the .key and .crt files I already had and using .pem files created by just renaming those two files into .pem, with no success):
openssl x509 -in public.crt -out public.pem -outform PEM
openssl rsa -in private.key -out private.pem -outform PEM
When I try to access the website at https://localhost, though, this is the error I get:
How can I make it work as intended?
Note that the certificate and key are VALID since I'm already using them on an existing website, it's not a self-signed test certificate.
Also, the client page tries to get the resource "/hey" but in addition to the HTTPS error in the certificate, instead of the resource the page gets a response that says "Cannot GET/"
Here is the code to the node.js app:
var express = require('C:/Users/f.fiore/AppData/Roaming/npm/node_modules/express');
var fs = require('fs');
var http = require('http');
var https = require('https');
var key = fs.readFileSync('./private.key');
var cert = fs.readFileSync('./public.crt');
var options = {
key: key,
cert: cert
};
var PORT = 8000;
var HOST = 'localhost';
var app = express();
var httpServer = http.createServer(app);
var httpsServer = https.createServer(options, app);
httpServer.listen(PORT);
httpsServer.listen(443);
// routes
app.get('/hey', function(req, res) {
sendToClient("HO!", res, 200, "text/plain");
});
function getHeader(type){
return {"Content-Type": type};
}
function sendToClient(data, res, code, type){
res.writeHead(code, getHeader(type));
(type === "text/html" || type === "text") ? res.end(data, "utf-8") : res.end(data);
}
Your certificate is valid, however the provider of the certificate is not the original issuer of this certificate.
So you need to provide the whole chain certificate at your localhost to make it work.
https://certificatechain.io/ seems like they are providing a service for this, but haven't tried. Better way is to check with your certificate provider.
Self signed certificates also bring such an error.
EDIT
Seems like the problem was more basic. Updating the solution.
Try to play with your etc/hosts file to show the real domain name at your localhost. Right now it is looking for a domain called localhost and I don't think that you get a certificate for your localhost :) The file is \Windows\System32\drivers\etc\hosts in a Windows environment.
For your basic request of /hey please insert this codeblock
app.get('/hey', function(req, res){
res.send('HO!');
});

How to set connect server (node) to work on HTTPS? Error: error:0906D06C:PEM routines:PEM_read_bio:no start line

I am using connect server, and I need to create my localhost under https (even if certificates are not valid).
At the moment I am using the following script, which creates a server listening at http://127.0.0.1:8080/
I need to set it up as: https://127.0.0.1:8080/
How to configure connect server?
gulp.task('dev:connect', function () {
// runs connect server for rapid development
connect.server({
root: ''
});
});
I am also trying this but with no success:
var https = require('https');
var options = {
key: fs.readFileSync('b.key'),
cert: fs.readFileSync('a.crt')
};
var app = connect(); // error here object is not a function
https.createServer(options, app).listen(8080);
Try to run the following, I think the key is protected:
$ openssl rsa -in b.key -out b-unprotected.key
$ cat b-unprotected.key a.crt > a.pem
Let me know if this works
