paint-brush
Set-up SSL in NodeJS and Express using OpenSSLby@thisisAbdus
86,703 reads
86,703 reads

Set-up SSL in NodeJS and Express using OpenSSL

by Abdus SamadJanuary 15th, 2019
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

This a simple, easy-to-follow tutorial on how to serve pages over <em>https</em> in <em>NodeJS</em> using <em>Express</em> Framework.
featured image - Set-up SSL in NodeJS and Express using OpenSSL
Abdus Samad HackerNoon profile picture

This a simple, easy-to-follow tutorial on how to serve pages over https in NodeJS using Express Framework.

Tools/Frameworks we would be using for this tutorial, are:

  • NodeJS: You should’ve basic knowledge on how to program in NodeJS.
  • OpenSSL: A tool to generate key and certificate.
  • ExpressJS (npm i express): Back-end framework for writing web servers in NodeJS. More about Express.
  • https : Comes with NodeJS.

Let’s set-up our project directory. It’s not a directory with lots of files. Instead, it contains only 4 files which are package.json, key.pem, cert.pem and server.js. So, create a new directory node-https, cd node-https and run npm init -y to create package.json file.

Now install express using npm i --save express. Create a server.js file and type the following code in it.

Our server.js should look like this:

const app = require('express')();const https = require('https');const fs = require('fs');//GET home routeapp.get('/', (req, res) => {     res.send('Hello World');});// we will pass our 'app' to 'https' serverhttps.createServer(app).listen(3000);

That’s it. Now if you run node server.js and visit localhost:3000 you won’t see anything but an error! It’s time to fix that error.

Generate cert.pem and key.pem

Using OpenSSL(?), we will generate our key and cert. So, here’s how you could do this:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
  • -keyout: This flag let openssl know where to save key.pem file. I can be an absolute file location.
  • -out: This flag let openssl know where to save cert.pem file. I can be an absolute file location as well.
  • -days: This flag specifies the number of days the SSL will be valid.

Make sure to run above command inside the directory where server.js is present. Answer all questions. If all went well, you should see two new files in your project root, i.e. cert.pem and key.pem.

Open server.js and include cert and key file in your https.createServer() function. Just like the below example.

const app = require('express')();const https = require('https');const fs = require('fs');//GET home routeapp.get('/', (req, res) => {    res.send('Hello World');});// we will pass our 'app' to 'https' serverhttps.createServer({    key: fs.readFileSync('./key.pem'),    cert: fs.readFileSync('./cert.pem'),    passphrase: 'YOUR PASSPHRASE HERE'}, app).listen(3000);

Open a terminal window and run node server.js. It should run without any error. Open your favourite browser and visit https://localhost:3000 and you should see Hello World.

You may see some SSL warning. That’s because your certificate ain’t issued by any verified organization. What you want to do is, add the cert as an exception to your browser.

Good Day!!