stackoom
  简体   繁体   中英

Installing a RapidSSL certificate on node/express

 原文  2016-09-20 15:38:09       node.js/ ssl/ express/ https

Question

I am massively confused about how to configure SSL on my node server!

What I have done do far is:

-Create a self signed key and certificate on my local machine for testing locally

-Added this code to my express set up 

var privateKey = fs.readFileSync('privatekey.pem', 'utf8');
var certificate = fs.readFileSync('certificate.pem', 'utf8');
https.createServer({
    key: privateKey,
    cert: certificate
}, app).listen(port);

This is fine locally (I get browser errors but I understand that's because I self signed and I'm not a trusted authority).

Now I want to deploy with a real certificate so I bought one from RapidSSL. They sent me two keys, in plaintext in the email, both in the format

-----BEGIN CERTIFICATE-----
blah
-----END CERTIFICATE-----

One is labelled Web server CERTIFICATE , the other INTERMEDIATE CA .

I copied the content of Web server CERTIFICATE to a new file named (for the sake of this question) prodPrivatekey.pem and I moved INTERMEDIATE CA to prodCertificate.pem . Then I replaced the paths in the code above.

First off, could someone please tell me if this course of action is correct? Assume I know almost nothing about the inner workings of SSL certs!

Secondly, if it is, the error I am getting with this setup is Error: error:0906D06C:PEM routines:PEM_read_bio:no start line . The only help I can find is this question Node.js https pem error: routines:PEM_read_bio:no start line but the help here seems to relate to self signed certificates.

Thank you for any help!

1 answers

solution1
 3 ACCPTED  2016-09-20 17:51:41

var privateKey = fs.readFileSync('privatekey.pem', 'utf8');

privateKey should be your private key. You would not have given this to or received this from RapidSSL.

 var certificate = fs.readFileSync('certificate.pem', 'utf8');

certificate should be one RapidSSL has labeled Web server CERTIFICATE

That leaves INTERMEDIATE CA . This is an intermediate certificate (between your and RapidSSL's root certificate). You would need to include it in your app otherwise certain browsers such as those on Android will see an error indicating "untrusted certificate" or something of that nature.

To include it in your config, you would do something like this:

var intermediateCertificate = fs.readFileSync('intermediate.pem', 'utf8');
https.createServer({
    key: privateKey,
    cert: certificate,
    ca: [ intermediateCertificate ]
}, app).listen(port);

Once this works and if your site is public, test your site's SSL configuration using an online scanner such as SSL Labs Server Test to see if your SSL config is secure (score A or A+). Depending on the version of node you're running, the defaults may not be secure enough.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Node.js HTTPS server not responding when using RapidSSL certificate Installing a SSL Certificate on Express (Node js) Installing SSL Certificate On Node Server Installing Express in Node.js node js Error while installing npm install express code UNABLE_TO_VERIFY_LEAF_SIGNATURE unable to verify the first certificate Install Entrust SSL certificate in Node express application node.js installing - can not find express Error when installing Express for Node.js Installing node.js with express module node js not installing express any package
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM