I got these files from the Certificate Authority:
- domain.com.p7b
- domain.com.crt
- domain.com.ca-bundle
And I tried this little code:
var express = require('express');
var app = express();
var fs = require("fs");
var https = require('https');
var privateKey = fs.readFileSync('domain.com.p7b').toString();
var certificate = fs.readFileSync('domain.com.crt').toString();
var ca_bundle = fs.readFileSync('domain.com.ca-bundle').toString();
var credentials = { key: privateKey,
ca : ca_bundle,
cert: certificate};
https.createServer(credentials,app).listen(8080, function () {
console.log('Example app listening on port 8080!');
});
After start script, I get the following error:
(err): at Object.createSecureContext (_tls_common.js:87:19)
(err): at Server (_tls_wrap.js:721:25)
(err): at new Server (https.js:17:14)
(err): at Object.exports.createServer (https.js:37:10)
(err): at Object.<anonymous> (/utec_temp/https/web.js:27:7)
(err): at Module._compile (module.js:435:26)
(err): at Object.Module._extensions..js (module.js:442:10)
(err): at Module.load (module.js:356:32)
(err): at Function.Module._load (module.js:311:12)
(err): Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
(err): at Error (native)
(err): at Object.createSecureContext (_tls_common.js:87:19)
(err): at Server (_tls_wrap.js:721:25)
(err): at new Server (https.js:17:14)
(err): at Object.exports.createServer (https.js:37:10)
(err): at Object.<anonymous> (/utec_temp/https/web.js:27:7)
(err): at Module._compile (module.js:435:26)
(err): at Object.Module._extensions..js (module.js:442:10)
(err): at Module.load (module.js:356:32)
(err): at Function.Module._load (module.js:311:12)
All the examples on google uses self-signed certificates , but what happen when I need to work in a real environment?
My little code works in development with self signed keys , following this example:
I researched and I found this:
but I could not correct the error.
Also I reduced to one file :
var credentials = {cert: certificate};
And the error is the same. So I thought that maybe is a format error when I move these certificates from windows to unix. I used dos2unix tool and the error is the same.
My node version is 4.4.7
Any help is appreciated.
Thanks in advance!
UPDATED
When you are working with https certificates, domains or subdomains, forgot the technology used to develop the application.
Node.js, java, python and other languages has libraries to publish secure endpoint with https. This is achieved loading manually your purchased or self-signed certificates. This works, but this is not the right way due to.
For example : Development team will have problems to star up the application, because the source code needs the certificates and other configurations. Deployment on testing will need specific certificates, etc
For a clean, maintainable and scalable architecture, and following the pattern separation of concerns (SoC) DONT MODIFY YOUR SOURCE CODE and leave this work or complexity to apache , nginx, haproxy, aws elb or some load balancer & router:
apache 2.2 example
SSLCertificateFile /some/folder/certificate.crt
SSLCertificateKeyFile /some/folder/initial.key
SSLCertificateChainFile /some/folder/certificate.ca-bundle
nginx example
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/your_domain_name.pem; (or bundle.crt)
ssl_certificate_key /etc/ssl/your_domain_name.key;
server_name your.domain.com;
...
}
This kind of complexity must be transparent for the development team and should be managed by sysadmin,infrastructure or another teams related to networks of your company.
See Question&Answers more detail:
os 
