生成SSL密钥以使用node.js

Question

I'm working to setup a SSL via GoDaddy to use with my node.js server on AWS EC2. I've been unable to get it to work.

Here's what I've tried:

Intended for the domain: files.mysite.com

On the server I run:

$ openssl req -new -newkey rsa:2048 -nodes -keyout files.mysite.key -out files.mysite.csr

Common Name: files.mysite.com
password: left empty

I then get the CSR: vim files.mysite.csr

I copy and paste from:

-----BEGIN CERTIFICATE-----
......... lots of stuff
-----END CERTIFICATE-----

There is an extra empty line at the end, which I leave and paste into the GoDaddy interface using rekey.

I then download the godaddy key which provides:

gd_bundle.crt
files.mysite.com.crt

Then in node I insert:

key: fs.readFileSync('server.key').toString(),
cert: fs.readFileSync('server.crt').toString()

I'm not sure what server.key is or server.crt given that GoDaddy provides two crt files?
Can you help?

Answer 1

GoDaddy uses an intermidiate certificate to sign your certificate. This has several advantages to both you and GoDaddy. But it takes a bit more work to get it to work (just a bit, mostly googling around).

In node.js you can install them like this:

require('https').createServer({
    key: fs.readFileSync('files.mysite.com.key'),
    cert: fs.readFileSync('files.mysite.com.crt'),
    ca: [fs.readFileSync('gd_bundle.crt')] // <----- note this part
}, app).listen(443);

Answer 2

You should use .crt and .key files at the creation of your http server instance. The following snippet will give you the idea :

require('https').createServer({
    key: fs.readFileSync('/path/to/something.key'),
    cert: fs.readFileSync('/path/to/something.crt'),
}, app).listen(443);

If you have a passphrase for your key, you can pass it though as follows :

require('https').createServer({
    key: fs.readFileSync('/path/to/something.key'),
    cert: fs.readFileSync('/path/to/something.crt'),
    passphrase: 'your_secret_passpahrase'
}, app).listen(443);