0

I'm trying to use express in conjunction with a node.js https server, but I'm getting a warning when I connect.

The site's security certificate is not trusted!


My code is:

var WebSocketServer = require('ws').Server
    , https = require('https')
    , fs = require('fs')
    , express = require('express')
    , app = express();

app.use(express.static(__dirname + '/public'));

var options = {
    rejectUnauthorized: false,
    requestCert: true,
    agent: false,
    key: fs.readFileSync('private/key.pem'),
    cert: fs.readFileSync('private/cert.pem')
};

var server = https.createServer(options, app);
server.listen(8888);

var MainServer = new WebSocketServer({server: server});

How do I fix this warning (and effectively the Identity not verified problem)?

Thanks!

2 Answers

4

That's a warning your browser gives. When you take the solution live, buy a certificate and associate it with your domain (be exact - wildcard or root certificate) and the warning will go away, and a beautiful lock will come to show the world how safe your site is. :-)


1 Comment

There's no need to buy a certificate. Startcom gives you a server certificate for free. They are trusted by most (all?) desktop and mobile browsers.
1

You need to purchase an SSL certificate from a certificate authority. A Google search will reveal many vendors with prices ranging significantly. If you are simply developing and it is not a production website, you can find free certs or very cheap certs. The reason so many certs are expensive (> 200 USD) is that the vendors offer an insurance policy which guarantees the security of the certificate. Although if your cert is compromised and you request an insurance claim from the company, proving that the cert itself was due to fault is incredibly difficult and highly unlikely.

1 Comment

Startcom gives you a server certificate for free. They are trusted by most (all?) desktop and mobile browsers. Check out what Peter Gutmann has to say about those hundred or thousand dollar certificates: PKI Me Harder.
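
Both answers point to a CA-issued certificate because the browser only trusts a certificate that chains to a root in its trust store. The following added example (not part of the original posts) reproduces the untrusted case with a throwaway self-signed certificate, assuming the question's `cert.pem` was self-signed (the page does not say) and that the `openssl` CLI is installed; the function names, `CN=localhost` and the temp directory are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: why a self-signed certificate triggers "not trusted".
# All names, paths and the CN below are constructed for this demonstration.

# Create a throwaway private key and self-signed certificate in directory $1.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=localhost" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Succeeds when issuer and subject are the same name (the cert vouches for itself).
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')" = \
      "$(openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer= *//')" ]
}

# Succeeds when the certificate chains to a root in the system trust store,
# which is the kind of check a browser performs before showing the lock.
trusted_by_system() {
    openssl verify "$1" >/dev/null 2>&1
}

# Succeeds when the certificate chains to the root(s) in file $2.
# A CA-issued certificate passes this with the CA's root; a self-signed
# one passes only if the verifier has been handed that same certificate.
trusted_with_root() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d)
    make_self_signed "$dir" || { echo "openssl req failed"; return 1; }
    if is_self_issued "$dir/cert.pem"; then echo "issuer == subject: self-issued"; fi
    if trusted_by_system "$dir/cert.pem"; then
        echo "system trust store: trusted"
    else
        echo "system trust store: NOT trusted (browser would warn)"
    fi
    if trusted_with_root "$dir/cert.pem" "$dir/cert.pem"; then
        echo "explicitly supplied as root: trusted"
    fi
    rm -rf "$dir"
}

demo
```

Running `is_self_issued` and `trusted_by_system` against a real certificate file (for example the `private/cert.pem` from the question) gives the same diagnosis for that file.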
