https-ssl-example

Release 1.0.0

zero-config HTTPS server example (complete with bogus TLS/SSL 2048-bit RSA PEM certs)

Homepage npm JavaScript Download

Keywords
ssl, tls, https, rsa, pem, example, demo, test, openssl, crt, p12, csr, certificate, certs, cert, key, private, public
License
Apache-2.0
Install
npm install https-ssl-example@1.0.0

Documentation

Update

Let's Encrypt is now available for node: letsencrypt-express

It's automatic HTTPS for your node server and it'll work with any of the frameworks (koa, hapi, whatever), not just express.

Also take a look at

HTTPS 2048-bit RSA TLS/SSL Cert Example

This is targeted towards people who are using io.js / node.js, but as far as generating and testing certs, these are the exact same openssl commands you'd use with any language.

ScreenCast

See https://youtu.be/r92gqYHJc5c

See the full article at How to create a Certificate Signing Request (CSR) for HTTPS (TLS/SSL) RSA PEMs

Zero-Config Example

Clone and run - it's that easy.

1. Clone the Example

git clone https://github.com/coolaj86/nodejs-ssl-example.git

pushd nodejs-ssl-example

npm install
node ./serve.js 8043 4080

2. Go to https://local.helloworld3000.com:8043

Then visit https://local.helloworld3000.com:8043.

Note that http://local.helloworld3000.com:4080 will redirect to https.

Note: This points to your localhost but since it's very difficult to develop, especially with HTTPS, with 127.0.0.1, localhost, or file://, I maintain local.helloworld3000.com and local.foobar3000.com for examples such as this one.

Note: Your browser will warn you that you the server is using a bogus certificate authority. That's okay for the purposes of this example.

Special Notes

The key to this example is that the certs are not self-signed root certificates. Using self-signed root certs is the stupidest thing that anyone ever tried to do in a browser.

Instead, the self-signed Root CA is used to sign the certificate that the browser / other http client will use. That's why this example works where others fail. It doesn't violate the rules for Root certs.

If only the world knew that all you have to do to fix Self-Signed Certificate errors is to create one additional certificate and serve that instead of the root...

Full Article

See the full article at How to create a Certificate Signing Request (CSR) for HTTPS (TLS/SSL) RSA PEMs

SSL Warnings

This example uses dummy SSL certificates that are not recognized by your browser.

There's nothing wrong with the example. The browser security warnings are normal. It's simply your browser letting you know that these certificates are not from a recognized vendor.

If you deploy your "real" app publicly you should swap them with your own certificates.

TODO: During Summer 2015 Mozilla will make basic SSL certificates available to all web hosts for free be (see Let's Encrypt). Someone remind me to come back and update the instructions for the free certificates if this notice is still here in August.

Other SSL Resources

Zero-Config clone 'n' run (tm) Repos:

Articles

Stats

Dependencies
3
Dependent packages
5
Dependent repositories
0
Total releases
1
Latest release
First release
Stars
73
Forks
27
Watchers
12
Contributors
3
Repository size
27.3 KB
SourceRank
11

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.0.0

Contributors

AJ ONeal Mehdi Shahdoost thespiffyitalian


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-07-18 06:18:41 UTC

Login to resync this project