The end off all your self-sign certificate woes (in node.js at least)
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
 
 
AJ ONeal 5c8cf158db with love pirms 10 gadiem
.gitignore with love pirms 10 gadiem
LICENSE Initial commit pirms 10 gadiem
README.md with love pirms 10 gadiem
make-root-ca-and-certificates.sh working example with self-signed certificates pirms 10 gadiem
package.json working example with self-signed certificates pirms 10 gadiem
request-without-warnings.js with love pirms 10 gadiem
serve.js with love pirms 10 gadiem
test.sh with love pirms 10 gadiem

README.md

nodejs-self-signed-certificate-example

The end off all your self-signed certificate woes (in node.js at least)

This is an easy-as-git-clone example that will get you on your way without any DEPTH_ZERO_SELF_SIGNED_CERT or SSL certificate problem: Invalid certificate chain headaches.

See the explanation for the many details.

Test for yourself

An example that works.

example
├── package.json
├── make-root-ca-and-certificates.sh
├── serve.js
├── request-without-warnings.js
├── server
|   ├── my-private-root-ca.crt.pem
|   ├── my-server.crt.pem
|   └── my-server.key.pem
└── client
    └── my-private-root-ca.crt.pem

Get the repo

git clone git@github.com:coolaj86/nodejs-self-signed-certificate-example.git
pushd nodejs-self-signed-certificate-example
npm install

For the super impatient:

bash test.sh

Create certificates for your FQDN

local.ldsconnect.org points to localhost, so it's ideal for your first test.

bash make-root-ca-and-certificates.sh 'local.ldsconnect.org'

Run the server

node ./serve.js 8043 &
# use `fg` and `ctrl+c` to kill

Test in a client

Visit in a web browser

https://local.ldsconnect.org

Test (warning free) in node.js

node ./request-without-warnings.js 8043

Test (warning free) with cURL

curl -v https://local.ldsconnect.org \
  --cacert client/my-private-root-ca.crt.pem

Now season to taste

You can poke around in the files for generating the certificates, but all you really have to do is replace local.ldsconnect.org with your very own domain name.

But where's the magic?

Who's the man behind the curtain you ask?

Well... I lied. This demo doesn't use self-signed certificates. It uses a self-signed Root CA and a signed certificate.

It turns out that self-signed certificates were designed to be used by the Root Certificate Authorities, not by web servers.

So instead of trying to work through eleventeen brazillion errors about self-signed certs, you can just create an authority and then add the authority to your chain (viola, now it's trusted).