Does running a node HTTPS server with a self-signed certificate defeat the purpose of using HTTPS?
Question
I'm a bit confused here. I want to run a node server which will be queried from some clients. I'm trying to use HTTPS, which I am not familiar with.
After reading some guides and the node docs, I created a key and self signed certificate with openssl, and created a node HTTPS server. So far so good.
The problem is, when trying to query it (I'm doing it from a node script as a test), I get an error: self signed certificate . Fixing this seems to involve using a rejectUnauthorized: false option when sending the request.
So my question: Does this defeat the purpose of using HTTPS, or is the communication still encrypted?
1 answers
solution1
2 ACCPTED 2016-12-07 21:34:21
With a self-signed cert, your traffic is encrypted , but not authenticated (leaving you open to man-in-the-middle attacks).
You can get free certificates from Let's Encrypt ; why not use that?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.