||7 years ago|
|.gitignore||9 years ago|
|LICENSE||9 years ago|
|README.md||7 years ago|
|make-root-ca-and-certificates.sh||7 years ago|
|package.json||7 years ago|
|request-without-warnings.js||7 years ago|
|serve.js||7 years ago|
|test.sh||7 years ago|
The end off all your self-signed certificate woes (in node.js at least)
This is an easy-as-git-clone example that will get you on your way without
SSL certificate problem: Invalid certificate chain headaches.
See the explanation for the many details.
Also, you may be interested in coolaj86/nodejs-ssl-trusted-peer-example.
Test for yourself
An example that works.
example ├── make-root-ca-and-certificates.sh ├── package.json ├── serve.js └── request-without-warnings.js
Get the repo
git clone firstname.lastname@example.org:coolaj86/nodejs-self-signed-certificate-example.git pushd nodejs-self-signed-certificate-example npm install
For the super impatient:
Create certificates for your FQDN
local.ldsconnect.org points to
localhost, so it's ideal for your first test.
bash make-root-ca-and-certificates.sh 'local.ldsconnect.org'
certs/ ├── ca │ ├── my-root-ca.crt.pem │ ├── my-root-ca.key.pem │ └── my-root-ca.srl ├── client │ ├── chain.pem │ └── my-server.pub ├── server │ ├── my-root-ca.crt.pem │ ├── cert.pem │ ├── chain.pem │ ├── fullchain.pem │ └── privkey.pem └── tmp └── csr.pem
Run the server
node ./serve.js 8043 & # use `fg` and `ctrl+c` to kill
Test in a client
Test (warning free) in node.js
node ./request-without-warnings.js 8043
Test (warning free) with cURL
curl -v https://localhost.daplie.com \ --cacert client/chain.pem
Visit in a web browser
To get rid of the warnings, simply add the certificate in the
to your list of certificates by alt-clicking "Open With => Keychain Access"
You do have to set
Always Trust a few times
as explained by Rob Peck.
Now season to taste
You can poke around in the files for generating the certificates,
but all you really have to do is replace
with your very own domain name.
But where's the magic?
Who's the man behind the curtain you ask?
Well... I lied. This demo doesn't use self-signed certificates (not in the server at least). It uses a self-signed Root CA and a signed certificate.
It turns out that self-signed certificates were designed to be used by the Root Certificate Authorities, not by web servers.
So instead of trying to work through eleventeen brazillion errors about self-signed certs, you can just create an authority and then add the authority to your chain (viola, now it's trusted).
Other SSL Resources
Zero-Config clone 'n' run (tm) Repos:
- node.js HTTPS SSL Example
- node.js HTTPS SSL Self-Signed Certificate Example
- node.js HTTPS SSL Trusted Peer Client Certificate Example
- SSL Root CAs
- [http://greengeckodesign.com/blog/2013/06/15/creating-an-ssl-certificate-for-node-dot-js/](Creating an SSL Certificate for node.js)
- [http://www.hacksparrow.com/express-js-https-server-client-example.html/comment-page-1](HTTPS Trusted Peer Example)
- How to Create a CSR for HTTPS SSL (demo with name.com, node.js)