This a simple, easy-to-follow tutorial on how to serve pages over _https_ in _NodeJS_ using _Express_ Framework.

Tools/Frameworks we would be using for this tutorial, are:

*   NodeJS: You should’ve basic knowledge on how to program in [NodeJS](https://nodejs.org/).
*   OpenSSL: A tool to generate key and certificate.
*   ExpressJS (`npm i express`): Back-end framework for writing web servers in NodeJS. More about [Express](https://expressjs.com/).
*   `https` : Comes with NodeJS.

Let’s set-up our project directory. It’s not a directory with lots of files. Instead, it contains only 4 files which are `package.json`, `key.pem`, `cert.pem` and `server.js`. So, create a new directory _node-https_, `cd node-https` and run `npm init -y` to create `package.json` file.

Now install _express_ using `npm i --save express`. Create a `server.js` file and type the following code in it.

Our `server.js` should look like this:

    const app = require('express')();const https = require('https');const fs = require('fs');//GET home routeapp.get('/', (req, res) => {     res.send('Hello World');});// we will pass our 'app' to 'https' serverhttps.createServer(app).listen(3000);

That’s it. Now if you run `node server.js` and visit `localhost:3000` you won’t see anything but an error! It’s time to fix that error.

### Generate cert.pem and key.pem

Using OpenSSL([?](https://www.openssl.org/)), we will generate our `key` and `cert`. So, here’s how you could do this:

    openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

*   `-keyout`: This flag let `openssl` know where to save _key.pem_ file. I can be an absolute file location.
*   `-out`: This flag let `openssl` know where to save _cert.pem_ file. I can be an absolute file location as well.
*   `-days`: This flag specifies the number of days the SSL will be valid.

Make sure to run above command inside the directory where `server.js` is present. Answer all questions. If all went well, you should see two new files in your project root, i.e. `cert.pem` and `key.pem`.

Open `server.js` and include cert and key file in your `https.createServer()` function. Just like the below example.

    const app = require('express')();const https = require('https');const fs = require('fs');//GET home routeapp.get('/', (req, res) => {    res.send('Hello World');});// we will pass our 'app' to 'https' serverhttps.createServer({    key: fs.readFileSync('./key.pem'),    cert: fs.readFileSync('./cert.pem'),    passphrase: 'YOUR PASSPHRASE HERE'}, app).listen(3000);

Open a terminal window and run `node server.js`. It should run without any error. Open your favourite browser and visit `https://localhost:3000` and you should see **Hello World**.

You may see some SSL warning. That’s because your certificate ain’t issued by any verified organization. What you want to do is, add the cert as an exception to your browser.

Good Day!!

Too Long; Didn't Read

Cassandra Forward a free Cassandra-focused community event

Set-up SSL in NodeJS and Express using OpenSSL

Too Long; Didn't Read

@thisisAbdus

RELATED STORIES