4

I bought an SSL certificate at GoDaddy and I'm using the following node.js server to attempt to set it up:

var https = require('https'),      // module for https
    fs =    require('fs');         // required to read certs and keys

var options = {
    key: fs.readFileSync('../../ssl/example.com.key'),
    cert: fs.readFileSync('../../ssl/example.com.crt'),
    ca: fs.readFileSync('../../ssl/gd_bundle.crt'),
    requestCert:        true,
    rejectUnauthorized: false
};

https.createServer(options, function (req, res) {
    if (req.client.authorized) {
        res.writeHead(200, {"Content-Type": "application/json"});
        res.end('{"status":"approved"}');
    } else {
        res.writeHead(401, {"Content-Type": "application/json"});
        res.end('{"status":"denied"}');
    }
}).listen(443);

After running the server, I attempted to visit the website at https://example.com and I just get

{"status":"denied"}

I guess this is working properly since I'm getting a response, but I think my understanding of how SSL works is wrong. I thought the browser gets the certificate from the server, which then authenticates it against root certs, i.e. from GoDaddy. So shouldn't I get

{"status":"approved"}

just by simply visiting https://example.com?

So I guess my question is, how do I visit https://example.com and get {"status":"approved"}?

Thanks!

3 Answers

4

The reason you are getting denied is because you are trying to authenticate using client certificate authentication. Each end user needs a client certificate signed by your server certificate. How to setup Client Certificates and Certificate Auth with Node.

If you are just attempting to encrypt your web traffic, you don't need the client certificates. Use the example here http://nodejs.org/docs/latest/api/https.html if you just want the traffic encrypted.


2 Comments

Here's a zero-config example for using trusted peer (client) certificates: github.com/coolaj86/nodejs-ssl-trusted-peer-example
And a "normal ssl", zero-config example that runs all on its own, so you can be confident that replacing your certs for the dummies included will work for you: github.com/coolaj86/nodejs-ssl-example
0

This is wrong:

ca: fs.readFileSync('../../ssl/gd_bundle.crt')

ca needs to be an array of strings or buffers containing individual certificates. If you supply a bundle, only the first certificate is used and the rest is ignored.

See also: http://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener
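
An added example (not code from this answer or from Node.js) of turning a concatenated bundle such as gd_bundle.crt into the array of individual certificates described above. `splitPemBundle`, `buildServerOptions` and the placeholder certificate bodies are constructed for illustration, and `requestCert` is set only when client-certificate authentication is wanted.

```javascript
'use strict';

// Matches one PEM certificate block, non-greedily, so adjacent blocks stay separate.
const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
const count = (text, re) => (text.match(re) || []).length;

// Hypothetical helper: split a concatenated bundle into one PEM string per certificate.
function splitPemBundle(bundle) {
  const text = Buffer.isBuffer(bundle) ? bundle.toString('ascii') : String(bundle);
  const certs = (text.match(PEM_CERT) || [])
    .map((block) => block.replace(/\r\n/g, '\n').trim() + '\n');
  if (certs.length === 0) {
    throw new Error('no PEM certificate blocks found');
  }
  // A BEGIN or END marker without its partner means the file is truncated or corrupt.
  if (count(text, /-----BEGIN CERTIFICATE-----/g) !== certs.length ||
      count(text, /-----END CERTIFICATE-----/g) !== certs.length) {
    throw new Error('unbalanced BEGIN/END CERTIFICATE markers');
  }
  return certs;
}

// Hypothetical helper: build options for https.createServer().
function buildServerOptions(key, cert, caBundle, { clientAuth = false } = {}) {
  const options = { key, cert, ca: splitPemBundle(caBundle) };
  if (clientAuth) {
    // Ask the browser for a client certificate; the handler must then
    // check req.client.authorized, as the question's handler does.
    options.requestCert = true;
    options.rejectUnauthorized = false;
  }
  return options;
}

// Constructed sample: two placeholder blocks (not real certificates),
// so these options are inspected here rather than passed to createServer.
const SAMPLE_BUNDLE = [
  '-----BEGIN CERTIFICATE-----', 'AAAA', '-----END CERTIFICATE-----',
  '',
  '-----BEGIN CERTIFICATE-----', 'BBBB', '-----END CERTIFICATE-----',
  ''
].join('\n');

console.log(splitPemBundle(SAMPLE_BUNDLE).length); // certificates found in the bundle
console.log(Object.keys(buildServerOptions('KEY', 'CERT', SAMPLE_BUNDLE)));
```

With real files, pass the result of `fs.readFileSync('../../ssl/gd_bundle.crt')` as `caBundle`; a Buffer is accepted as well as a string.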


0

1.) First open your cPanel
2.) SSL/TLS
3.) Manage SSL sites
4.) Select the domain on which you want to add SSL
5.) Then autofill by certificate

Here you will get the crt and key. Create 2 files, domain.pem and domain.crt.

Put the crt code into domain.crt and the key code into domain.pem, and put both files in the main root.

const https = require('https'); // TLS-enabled server module
const fs = require('fs');       // needed to read the key and certificate files

const httpsOptions = {
  key: fs.readFileSync('domain.pem'),  // private key
  cert: fs.readFileSync('domain.crt'), // server certificate
  ca: fs.readFileSync('domain.crt'),
  passphrase: '??'                     // passphrase protecting the private key
};

https.createServer(httpsOptions, function (req, res) {
  // req.client.authorized reflects client-certificate verification
  if (req.client.authorized) {
    res.writeHead(200, {"Content-Type": "application/json"});
    res.end('{"status":"approved"}');
  } else {
    res.writeHead(401, {"Content-Type": "application/json"});
    res.end('{"status":"denied"}');
  }
}).listen(443);
