How to create .pem files for https web server
node.js Problem Overview
I'm using the Express framework in Node.js to create a web server. I want to use ssl for the web server's connection.
The code to create the https web server is as below.
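var fs = require('fs');
var express = require('express');

// Load the PEM-encoded private key and certificate for the HTTPS listener
var app = express.createServer({
  key: fs.readFileSync('./conf/key.pem'),
  cert: fs.readFileSync('./conf/cert.pem')
});
module.exports = app;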
Question: How to create the key.pem and cert.pem required by express?
node.js Solutions
Solution 1 - node.js
The two files you need are a PEM encoded SSL certificate and private key. PEM encoded certs and keys are Base64 encoded text with start/end delimiters that look like -----BEGIN RSA PRIVATE KEY----- or similar.
To create an SSL certificate you first need to generate a private key and a certificate signing request, or CSR (which also contains your public key). You can do this in a variety of ways, but here's how in OpenSSL.
openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem
This will cause you to enter an interactive prompt to generate a 2048-bit RSA private key and a CSR that has all the information you choose to enter at the prompts. (Note: Common Name is where you'll want to put the domain name you'll be using to access your site.) Once you've done this you would normally submit this CSR to a trusted certificate authority and once they've validated your request you would receive a certificate.
If you don't care about your certificate being trusted (usually the case for development purposes) you can just create a self-signed certificate. To do this, we can use almost the same line, but we'll pass two extra parameters.
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
This will give you a cert (valid for 10 years) and key pair that you can use in the code snippet you posted.
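The PEM framing described in Solution 1, as an added example that is not part of the original answers: a pre-flight check that key.pem holds a private key and cert.pem holds a signed certificate (not the CSR) before both are passed to the server. The helper names parsePem and checkServerPems are hypothetical, and the sample blocks are constructed.

```javascript
// Added example: sanity-check key.pem / cert.pem before https.createServer().
// parsePem and checkServerPems are hypothetical helper names.
const KEY_LABELS = ['PRIVATE KEY', 'RSA PRIVATE KEY', 'EC PRIVATE KEY', 'ENCRYPTED PRIVATE KEY']
const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----\r?\n([\s\S]*?)\r?\n?-----END \1-----/g

// Split PEM text into { label, legacyEnc, der } blocks; throws on a bad Base64 body.
function parsePem (text) {
  return [...String(text).matchAll(PEM_BLOCK)].map(([, label, raw]) => {
    // Traditional encrypted keys carry "Proc-Type: 4,ENCRYPTED" headers, then a blank line.
    const legacyEnc = /^Proc-Type: 4,ENCRYPTED/m.test(raw)
    const body = (legacyEnc ? raw.split(/\r?\n\r?\n/)[1] || '' : raw).replace(/\s+/g, '')
    if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(body) || body.length % 4 !== 0) {
      throw new Error(`invalid Base64 body in ${label} block`)
    }
    return { label, legacyEnc, der: Buffer.from(body, 'base64') }
  })
}

// Return a list of problems; an empty list means the pair looks usable.
function checkServerPems (keyText, certText, hasPassphrase = false) {
  const problems = []
  const keyBlocks = parsePem(keyText)
  const certBlocks = parsePem(certText)
  const key = keyBlocks.find(b => KEY_LABELS.includes(b.label))
  const first = certBlocks[0]
  if (!key) {
    problems.push('key: no private key block found')
  } else if ((key.legacyEnc || key.label === 'ENCRYPTED PRIVATE KEY') && !hasPassphrase) {
    problems.push('key: encrypted, but no passphrase supplied')
  }
  if (!first) problems.push('cert: no PEM block found')
  else if (first.label === 'CERTIFICATE REQUEST') problems.push('cert: file is a CSR, not a signed certificate')
  else if (first.label !== 'CERTIFICATE') problems.push(`cert: unexpected first block ${first.label}`)
  if (certBlocks.some(b => KEY_LABELS.includes(b.label))) problems.push('cert: contains private key material')
  // Keys, CSRs and certificates are DER SEQUENCEs (first byte 0x30); legacy-encrypted bodies are ciphertext.
  for (const b of [...keyBlocks, ...certBlocks]) {
    if (!b.legacyEnc && b.der[0] !== 0x30) problems.push(`${b.label}: body is not an ASN.1 SEQUENCE`)
  }
  return problems
}

// Constructed sample blocks: valid framing only, NOT real key material.
const wrap = (label, b64) => `-----BEGIN ${label}-----\n${b64}\n-----END ${label}-----\n`
const SAMPLE_KEY = wrap('RSA PRIVATE KEY', 'MIIBCgKCAQEA')
const SAMPLE_CERT = wrap('CERTIFICATE', 'MIIBCgKCAQEA')
const SAMPLE_CSR = wrap('CERTIFICATE REQUEST', 'MIIBCgKCAQEA')

console.log(checkServerPems(SAMPLE_KEY, SAMPLE_CERT))
console.log(checkServerPems(SAMPLE_KEY, SAMPLE_CSR))
```

The check only inspects framing and labels; it does not prove that the key and certificate belong to each other.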
Solution 2 - node.js
Just follow this procedure:
- create the folder where you want to store your key & certificate:
  mkdir conf
- go to that directory:
  cd conf
- grab this ca.cnf file to use as a configuration shortcut:
  wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/ca.cnf
- create a new certificate authority using this configuration:
  openssl req -new -x509 -days 9999 -config ca.cnf -keyout ca-key.pem -out ca-cert.pem
- now that we have our certificate authority in ca-key.pem and ca-cert.pem, let's generate a private key for the server:
  openssl genrsa -out key.pem 4096
- grab this server.cnf file to use as a configuration shortcut:
  wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/server.cnf
- generate the certificate signing request using this configuration:
  openssl req -new -config server.cnf -key key.pem -out csr.pem
- sign the request:
  openssl x509 -req -extfile server.cnf -days 999 -passin "pass:password" -in csr.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem
I found this procedure here, along with more information on how to use these certificates.
Solution 3 - node.js
An alternative is to generate the certificates with the pem library using the createCertificate method of the class.
The process would be as follows:
Install openssl on your system if it is not there already. For instance, for Windows 10 a compiled version of the sources (seems like the most open one) can be found here: https://curl.se/windows/ and the explanations of how it is compiled and safeguarded are here: https://wiki.openssl.org/index.php/Binaries. For the source: https://www.openssl.org/community/binaries.html For Windows, you may want to add the directory of the openssl.bin file to the system environment path variable (https://www.architectryan.com/2018/08/31/how-to-change-environment-variables-on-windows-10/) or pass the location of the file to the PEM library.
Install pem (documentation here: https://github.com/Dexus/pem) using
npm i pem
at the command line at the root of the server.
From the documentation you can see that a simple https server with the keys can be created simply by:
const https = require('https')
const pem = require('pem')

// Create a self-signed certificate valid for one day, then serve HTTPS with it
pem.createCertificate({ days: 1, selfSigned: true }, (err, keys) => {
  if (err) {
    throw err
  }
  https.createServer({ key: keys.clientKey, cert: keys.certificate }, (req, res) => {
    res.end('o hai!')
  }).listen(443)
})
or using express (install it using
npm i express
at the command line at the root of the server):
const https = require('https')
const pem = require('pem')
const express = require('express')

// Create a self-signed certificate valid for one day, then mount the express app on HTTPS
pem.createCertificate({ days: 1, selfSigned: true }, (err, keys) => {
  if (err) {
    throw err
  }
  const app = express()
  app.get('/', (req, res) => {
    res.send('o hai!')
  })
  https.createServer({ key: keys.clientKey, cert: keys.certificate }, app).listen(443)
})
Just changed the var for const as appropriate, and functions for arrow functions.