
I have seen other similar questions, but none addresses my problem. I have generated my TLS (OpenSSL) self-signed certificate, but it seems not to be working on my Node.js server.

Instructions to generate SSL:

    openssl req -newkey rsa:2048 -keyout key.pem -x509 -days 365 -out certificate.pem
    openssl x509 -text -noout -in certificate.pem
    openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
    openssl pkcs12 -in certificate.p12 -noout -info  # verify certificate

So at the end I have a .p12, also known as a PFX-type certificate. Below is my Node.js code:

    // ------- Start HTTPS configuration ----------------
    const options = {
        pfs: fs.readFileSync('./server/security-certificate/certificate.p12'),
        passphrase: 'secrete2'
    };
    https.createServer(options, app).listen(8443);
    // -------- End HTTPS configuration -----------------

    // Also listen for HTTP
    var port = 8000;
    app.listen(port, function(){
        console.log('running at localhost: '+port);
    });

Here is the output when I run the curl command. The HTTP request is served correctly; only HTTPS has a problem:

Output when tested on same machine

Moreover, if I do this:

    export CURL_CA_BUNDLE=/var/www/html/node_app/server/security-certificate/cert.p12

Then I get the following error: `curl: (77) Problem with the SSL CA cert (path? access rights?)`



If I try to access in browser with HTTPS and port, browser says it could not load the page.

Reference links I followed: Node.js HTTPS:

https://nodejs.org/dist/latest-v8.x/docs/api/https.html#https_https_createserver_options_requestlistener

I'm using AWS RedHat Linux

Nah
  • Please use wireshark/tshark and add to the question decoded tls packets. – kubanczyk May 05 '18 at 21:32
  • I have shared problem of same linux machine, which could not access itself. I could not install `wireshark` on my live linux machine. – Nah May 05 '18 at 21:46
  • What version of Node.js is this? What Linux distribution is it? – Michael Hampton May 05 '18 at 23:19
  • Using `node v6.14.2` and OS prettyName is `Amazon Linux AMI 2018.03` with ID Like `Red Hat 7.2.1-2 (rhel fedora)` – Nah May 06 '18 at 03:42
  • [The option key is **spelled `pfx` not `pfs`**](https://nodejs.org/api/tls.html#tls_tls_createsecurecontext_options) Also the file you give the _client_ (curl) should be the certificate alone not the P12; I believe curl/NSS accepts CAcert in PEM (curl/openssl definitely does). – dave_thompson_085 May 06 '18 at 10:02
  • I deleted my answer :) – Nah May 10 '18 at 13:01

0 Answers
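A pre-flight check for the misspelled option key pointed out in the comments, as an added example that is not part of the original thread. `checkTlsOptions` and `KNOWN_KEYS` are hypothetical names, and the allow-list is a partial selection of Node's documented TLS option names. Node ignores option names it does not recognise, so a server built with `pfs` starts without any certificate; this check reports that before the server listens.

```javascript
// Added example (not from the original thread): validate HTTPS options before use.
const tls = require('tls');

// Partial allow-list of option names accepted by tls.createServer() and
// tls.createSecureContext(); extend it with any other options your server sets.
const KNOWN_KEYS = new Set([
  'pfx', 'key', 'cert', 'ca', 'crl', 'passphrase', 'ciphers', 'ecdhCurve',
  'dhparam', 'minVersion', 'maxVersion', 'honorCipherOrder', 'requestCert',
  'rejectUnauthorized', 'secureProtocol', 'sessionIdContext', 'SNICallback',
  'ALPNProtocols', 'handshakeTimeout', 'sessionTimeout', 'ticketKeys',
]);

// Returns a list of human-readable problems. An empty list means every option
// name is recognised and the credential material actually loads.
function checkTlsOptions(options) {
  const problems = [];
  for (const name of Object.keys(options)) {
    if (!KNOWN_KEYS.has(name)) {
      problems.push(`unknown option "${name}" (Node ignores it silently)`);
    }
  }
  const hasPfx = options.pfx !== undefined;
  const hasPem = options.key !== undefined && options.cert !== undefined;
  if (!hasPfx && !hasPem) {
    problems.push('no credential: set "pfx", or both "key" and "cert"');
    return problems;
  }
  try {
    // Parses the PKCS#12 or PEM material; throws on a malformed file
    // or a wrong passphrase.
    tls.createSecureContext({
      pfx: options.pfx,
      key: options.key,
      cert: options.cert,
      passphrase: options.passphrase,
    });
  } catch (err) {
    problems.push(`credential failed to load: ${err.message}`);
  }
  return problems;
}

// Constructed sample input reproducing the misspelled key from the question.
const misspelled = { pfs: Buffer.from('placeholder'), passphrase: 'example' };
console.log(checkTlsOptions(misspelled));
```

Call it on the options object before `https.createServer(options, app)` and refuse to start if the returned list is not empty.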