SSL With node / IIS

Question

My current setup with the company i've joined is IIS is being used as our main web server, using a CA signed certificate. I've got access to the certificate.pdx aswell as the private key.

I've setup a https node API server to handle some real time stuff / act as a simple additional middle layer, but my website is being served through IIS. The flow of the application is something like this.

1) Visit web page where IIS will then serve it

2) Click on a button, which then makes a GET request to my node server

             IIS                                                  NODE

  E.g 100.10.10.10:3000/mypage     > Click Button >      100.10.10.10:4000/myGetRequest

At the minute i'm just using self signed in my development environment, and manually accepting the certificates.

My question is can I just use the same certificate that IIS is using on my node HTTPS server, or do I need a different one?

Answer 1

It would be best if the IIS could proxy the requests to your Node app. That way your Node app wouldn't even need a certificate (if it's on localhost). See this answer for more details:

• Configuring HTTPS for Express and Nginx

It uses the example of nginx but you should be able to proxy the requests with IIS as well. See this tutorial:

• Setup IIS with URL Rewrite as a reverse proxy for real world apps