I'm using .pfx certification in my node.js https server and I can't use 'passphrase' in option

Question

I'm currently making an web application with node.js and https. So I try to use my .pfx(I got the file from here http://www.cert-depot.com/) for certification required for https, like following code:

var https = require('https');
var fs = require('fs');

var options = {
    pfx: fs.readFileSync('./8ab20f7b-51b9-4c09-a2e0-1918bb9fb37f.pfx')
    passphrase: 'password'
};

var server = https.createServer(options, function (request, response) {
    fs.readFile('index.html', function (error, data) {
        response.writeHead(200, {'Content-Type': 'text/html'});
        response.end(data);
    });
}).listen(12345, function(){
    console.log('server running');
});

But when I start this code with node.js, I'm getting an error message in my windows console:

passphrase: 'password'

Unexpected identifier

My code is very similar to the official guide page of Node.js (http://nodejs.org/api/https.html#https_https_createserver_options_requestlistener), but I can't start my https server.

What's wrong with my passphrase? (I'm running node.js in Windows 8 64bit.)

You are missing a comma in the options object, between the two keys. — myusuf, Nov 30 '16 at 13:22

score 18 · Accepted Answer · edited Aug 01 '17 at 16:58

18

I guess the missing comma between your pfx and passphrase properties is what cause the error. Here I added the comma:

var options = {
    pfx: fs.readFileSync('./8ab20f7b-51b9-4c09-a2e0-1918bb9fb37f.pfx'),
    passphrase: 'password'
};

edited Aug 01 '17 at 16:58

Nate Anderson

18,334
18
100
135

answered Feb 12 '15 at 10:39

Ahmad AL-ansari

196
1
2

Just a small doubt. The password will be in the clear when I deploy the application so its not safe to store the password in the code Is there any other way that I can store the password encrypted noting that the secret key for encryption or decryption will also be in the code. – Amit Raj Mar 24 '15 at 08:01
2

Put it in an environment variable when you deploy. PM2 among others make this easy. Essentially you're just going to run `PASSPHRASE=password node myapp.js`. From there you access that value with `process.env.PASSPHRASE`. – wgp Sep 08 '15 at 02:37

score 4 · Answer 2 · answered Jan 17 '16 at 23:22

I stick a promise wrapper on my implementation of it and keep it async (ES2015).

lib/pfx.js

import { readFile } from 'fs'
import { resolve as resolvePath } from 'path'

export const CERTIFICATE_ROOT = resolvePath(__dirname, '..', 'etc', 'certificates')
export const getCertificatePath = filename => resolvePath(CERTIFICATE_ROOT, filename)

export function readCertificate(filename) {
  let certificatePath = getCertificatePath(filename)
  return new Promise((resolve, reject) => {
    readFile(certificatePath, (err, certificate) => {
      if (err)
        return reject(err)
      resolve(certificate)
    })
  })
}

export function readPfx(filename, passphrase) {
  assert.typeOf(passphrase, 'string', 'passphrase must be a string')
  assert.isAbove(passphrase.length, 0, 'passphrase must not be empty')
  return readCertificate(filename).then(pfx => ({ pfx, passphrase }))
}

and usage

lib/app.js

import { readPfx } from './pfx'
readPfx('8ab20f7b-51b9-4c09-a2e0-1918bb9fb37f.pfx', process.env.PASSPHRASE)
  .then(opts => /* start server here */)
  .catch(err => /* handle errors */)

I'm using .pfx certification in my node.js https server and I can't use 'passphrase' in option

2 Answers2