0

I have just deployed my react app on firebase which comes with a pre-configured SSL certificate, but since I am making API calls to a node js server using HTTP and not HTTPS, The browser is blocking all my API calls and labeling them as in-secure. When I open the issue tab inside chrome developer tools I get recommended to load all resources via HTTPS to improve the security of my site.

My question is since I already have a pre-configured SSL certificate for my firebase app, do I also need to generate a separate certificate signed by 'Certificate Authority', or CA for my node server? if yes, I would like to know how I could achieve that?

note: I have also generated 'self-signed certificates' using node js 'HTTPS' module, but still it's not working with the browser since it's I signed the certificate and I am not authorized, certificate signer, therefore, the browser returns invalid certificate.

Thanks for your help in advance.

amo
  • 147
  • 1
  • 3
  • 13
  • I strongly suggest always using HTTPS for production apps. Browsers will always complain if you try to access non-secured content from within a secured site. That opens the user up to security vulnerabilities. – Doug Stevenson Aug 26 '20 at 15:21
  • @DougStevenson I understand your point, but my question is since I already have a pre-configured SSL certificate for my firebase app, do I also need to generate a separate certificate signed by 'Certificate Authority', or CA for my node server? if yes, I would like to know how I could achieve that? – amo Aug 26 '20 at 15:55
  • 1
    You would need another cert for other hosts. How you go about that is a matter of network administration for your particular cloud or hosting environment. Networking admin questions belong on Server Fault: https://serverfault.com/ – Doug Stevenson Aug 26 '20 at 15:58
  • @DougStevenson thanks for the feedback. since my server is hosted on-premise, do you any recommendations on which CA I would go with? – amo Aug 26 '20 at 16:13
  • 1
    Have you looked at [Let's Encrypt](https://letsencrypt.org/) yet? – Take-Some-Bytes Aug 26 '20 at 19:25
  • @Take-Some-Bytes https://stackoverflow.com/questions/63619182/unable-to-generating-ssl-certificate-with-letsencrypt-certbot-using-node-js – amo Aug 27 '20 at 15:20

0 Answers0