From 305692ce9e4c02c75202a29e3bd9e230d16fad0c Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 27 Jun 2016 18:22:23 -0600 Subject: [PATCH] use letsencrypt naming convention, and more recent localhost.daplie.com --- README.md | 13 ++++++++----- serve.js | 29 +++++++++-------------------- 2 files changed, 17 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index 2953495..d68ee7c 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ The end off all your self-signed certificate woes (in node.js at least) This is an easy-as-git-clone example that will get you on your way without any `DEPTH_ZERO_SELF_SIGNED_CERT` or `SSL certificate problem: Invalid certificate chain` headaches. -See +See [the explanation](https://github.com/coolaj86/node-ssl-root-cas/wiki/Painless-Self-Signed-Certificates-in-node.js) for the many details. @@ -85,13 +85,16 @@ node ./request-without-warnings.js 8043 Test (warning free) with cURL ```bash -curl -v https://localhost.daplie.com \ - --cacert client/chain.pem +curl -v https://localhost.daplie.com:8043 \ + --cacert certs/client/chain.pem ``` +Note: on macOS curl's `--cacert` option may not work properly +and so you may need to add the cert to the system keychain (described below) + Visit in a web browser - + To get rid of the warnings, simply add the certificate in the `client` folder to your list of certificates by alt-clicking "Open With => Keychain Access" @@ -103,7 +106,7 @@ You do have to set `Always Trust` a few times Now season to taste --- -You can poke around in the files for generating the certificates, +You can poke around in the files for generating the certificates, but all you really have to do is replace `localhost.daplie.com` with your very own domain name. diff --git a/serve.js b/serve.js index bd98620..3ccae8d 100755 --- a/serve.js +++ b/serve.js 
@@ -1,26 +1,15 @@
 #!/usr/bin/env node
 'use strict';
-var https = require('https')
- , port = process.argv[2] || 8043
- , fs = require('fs')
- , path = require('path')
- , server
- , options
- ;
-
-require('ssl-root-cas')
- .inject()
- .addFile(path.join(__dirname, 'certs', 'server', 'my-root-ca.crt.pem'))
- ;
-
-options = {
- key: fs.readFileSync(path.join(__dirname, 'certs', 'server', 'privkey.pem'))
-// You don't need to specify `ca`, it's done by `ssl-root-cas`
-//, ca: [ fs.readFileSync(path.join(__dirname, 'certs', 'server', 'my-root-ca.crt.pem'))]
-, cert: fs.readFileSync(path.join(__dirname, 'certs', 'server', 'fullchain.pem'))
-};
-
+var https = require('https');
+var port = process.argv[2] || 8043;
+var fs = require('fs');
+var path = require('path');
+var server;
+var options = {
+ key: fs.readFileSync(path.join(__dirname, 'certs', 'server', 'privkey.pem'))
+ , cert: fs.readFileSync(path.join(__dirname, 'certs', 'server', 'fullchain.pem'))
+ };
 function app(req, res) {
 res.setHeader('Content-Type', 'text/plain');
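Review bot: The rewritten `options` block drops the only comment that explained why no `ca` is passed, and nothing now says what the two PEM files must contain or how the private key should be handled. Above `var options` I would add `// fullchain.pem: server certificate followed by its intermediates; no ca option is needed because clients trust the root through certs/client/chain.pem`. Because `privkey.pem` is read from inside the checkout, a second comment should state that this key is for the localhost demo only and that a real deployment needs its own key, readable only by the server user and kept out of version control; whether the demo key is committed is not visible from this hunk. Separately, `process.argv[2] || 8043` passes a non-numeric argument through as a string, so it is worth validating as a port number before it reaches the listen call, which presumably sits outside the hunk along with the rest of `app`.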