I bought an SSL certificate at GoDaddy and I'm using the following node.js server to attempt to set it up:
var https = require('https'), // module for https
fs = require('fs'); // required to read certs and keys
var options = {
key: fs.readFileSync('../../ssl/example.com.key'),
cert: fs.readFileSync('../../ssl/example.com.crt'),
ca: fs.readFileSync('../../ssl/gd_bundle.crt'),
requestCert: true,
rejectUnauthorized: false
};
https.createServer(options, function (req, res) {
if (req.client.authorized) {
res.writeHead(200, {"Content-Type": "application/json"});
res.end('{"status":"approved"}');
} else {
res.writeHead(401, {"Content-Type": "application/json"});
res.end('{"status":"denied"}');
}
}).listen(443);
After running the server, I attempted to visit the website at https://example.com and I just get
{"status":"denied"}
I guess this is working properly since I'm getting a response, but I think my understanding of how SSL works is wrong. I thought the browser gets the certificate from the server, which then authenticates it against root certs, ie from GoDaddy. so shouldn't i get
{"status":"approved"}
just simply visiting https://example.com ?
So I guess my question is, how do I visit https://example.com and get {"status":"approved"}?
Thanks!
The reason you are getting denied, is because you are trying to authenticate using client certificate authentication. Each end user needs a client certificate signed by your server certificate. How to setup Client Certificates and Certificate Auth with Node .
If you are just attempting to encrypt your web traffic, you don't need the client certificates. Use the example here http://nodejs.org/docs/latest/api/https.html if you just want the traffic encrypted.
This is wrong:
ca: fs.readFileSync('../../ssl/gd_bundle.crt')
ca
needs to be an array of strings or buffers containing individual certificates. If you supply a bundle, only the first certificate is used and the rest is ignored.
See also: http://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener
1.) First Open your cpanel 2.) SSL/TLS 3.)Manage SSL sites. 4.) Select Domain on which you want to add ssl 5.) Then Autofill by certificate
You will get here crt and key create 2 files domain.pem and domain.crt
put crt code into domain.crt and key code into domain.pem file and put both file on the main root
const https = require('http');
const fs = require('fs');
const httpsOptions = {
key: fs.readFileSync('domain.pem'),
cert: fs.readFileSync('domain.crt'),
ca: fs.readFileSync('domain.crt'),
passphrase: '??'
}
https.createServer(options, function (req, res) {
if (req.client.authorized) {
res.writeHead(200, {"Content-Type":
"application/json"});
res.end('{"status":"approved"}');
} else {
res.writeHead(401, {"Content-Type":
"application/json"});
res.end('{"status":"denied"}');
}
}).listen(443);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.