├── .gitignore ├── LICENSE ├── README.md ├── app.js ├── bin ├── create-root-ca.sh ├── create-server-certs.sh └── sign-csr.sh ├── certs ├── ca │ ├── my-root-ca.crt.pem │ └── my-root-ca.key.pem └── server │ ├── my-server.crt.pem │ └── my-server.key.pem ├── package.json ├── public └── index.html └── serve.js /.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | 5 | # Runtime data 6 | pids 7 | *.pid 8 | *.seed 9 | 10 | # Directory for instrumented libs generated by jscoverage/JSCover 11 | lib-cov 12 | 13 | # Coverage directory used by tools like istanbul 14 | coverage 15 | 16 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 17 | .grunt 18 | 19 | # Compiled binary addons (http://nodejs.org/api/addons.html) 20 | build/Release 21 | 22 | # Dependency directory 23 | # Commenting this out is preferred by some people, see 24 | # https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git- 25 | node_modules 26 | 27 | # Users Environment Variables 28 | .lock-wscript 29 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. 
For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Update: Just use Greenlock 2 | ====== 3 | 4 | [Greenlock for Express.js](https://git.coolaj86.com/coolaj86/greenlock-express.js) - 5 | Certificates issued via Let's Encrypt 6 | 7 | 8 | HTTPS 2048-bit RSA TLS/SSL Cert Example 9 | ==== 10 | 11 | This is targeted towards people who are using io.js / node.js, 12 | but as far as generating and testing certs, these are the exact 13 | same **openssl** commands you'd use with any language. 14 | 15 | ScreenCast 16 | ----------- 17 | 18 | See 19 | 20 | See the full article at 21 | [How to create a Certificate Signing Request (CSR) for HTTPS (TLS/SSL) RSA PEMs](https://coolaj86.com/articles/how-to-create-a-csr-for-https-tls-ssl-rsa-pems/) 22 | 23 | 24 | Zero-Config Example 25 | ======== 26 | 27 | Clone and run - it's that easy. 28 | 29 | 1. 
Clone the Example 30 | ------------ 31 | 32 | ``` 33 | git clone https://github.com/coolaj86/nodejs-ssl-example.git 34 | 35 | pushd nodejs-ssl-example 36 | 37 | npm install 38 | node ./serve.js 8043 4080 39 | ``` 40 | 41 | 2. Go to https://local.helloworld3000.com:8043 42 | ------------- 43 | 44 | Then visit https://local.helloworld3000.com:8043. 45 | 46 | Note that http://local.helloworld3000.com:4080 will **redirect to https**. 47 | 48 | **Note**: This points to **your localhost** but since it's very difficult to 49 | develop, especially with HTTPS, with `127.0.0.1`, `localhost`, or `file://`, 50 | I maintain `local.helloworld3000.com` and `local.foobar3000.com` 51 | for examples such as this one. 52 | 53 | **Note**: Your browser will warn you that the server is using a bogus 54 | certificate authority. That's okay for the purposes of this example. 55 | 56 | Special Notes 57 | ---- 58 | 59 | The key to this example is that the certs are not self-signed **root** certificates. 60 | Using self-signed root certs is the stupidest thing that anyone ever tried to do in a browser. 61 | 62 | Instead, the self-signed **Root CA** is used to sign the certificate that the browser / other 63 | http client will use. That's why this example works where others fail. It doesn't violate the rules for Root certs. 64 | 65 | If only the world knew that all you have to do to fix Self-Signed Certificate errors 66 | is to create one additional certificate and serve that instead of the root... 67 | 68 | Full Article 69 | ----- 70 | 71 | See the full article at 72 | [How to create a Certificate Signing Request (CSR) for HTTPS (TLS/SSL) RSA PEMs](https://coolaj86.com/articles/how-to-create-a-csr-for-https-tls-ssl-rsa-pems/) 73 | 74 | SSL Warnings 75 | ============ 76 | 77 | This example uses **dummy SSL certificates** that are not recognized 78 | by your browser. The matching private keys are published in this repository, so the certificates are suitable only for local testing. 79 | 80 | There's nothing wrong with the example. 81 | **The browser security warnings are normal**. 82 | It's simply your browser letting 83 | you know that these certificates are not from a recognized vendor.
84 | 85 | ![](https://i.imgur.com/d5mXvGa.png) 86 | 87 | ![](https://i.imgur.com/RDjfEE5.png) 88 | 89 | ![](https://i.imgur.com/xRnNSDQ.png) 90 | 91 | **If you deploy your "real" app publicly** you should swap them with your own certificates. 92 | 93 | **TODO**: During Summer 2015 Mozilla will make basic SSL certificates available 94 | to all web hosts for free be (see [Let's Encrypt](https://letsencrypt.org/)). 95 | Someone remind me to come back and update the instructions for the 96 | free certificates if this notice is still here in August. 97 | 98 | 99 | Other SSL Resources 100 | ========= 101 | 102 | Zero-Config clone 'n' run (tm) Repos: 103 | 104 | 105 | * [io.js / node.js HTTPS SSL Example](https://github.com/coolaj86/nodejs-ssl-example) 106 | * [io.js / node.js HTTPS SSL Self-Signed Certificate Example](https://github.com/coolaj86/nodejs-self-signed-certificate-example) 107 | * [io.js / node.js HTTPS SSL Trusted Peer Client Certificate Example](https://github.com/coolaj86/nodejs-ssl-trusted-peer-example) 108 | * [SSL Root CAs](https://github.com/coolaj86/node-ssl-root-cas) 109 | 110 | Articles 111 | 112 | * [http://greengeckodesign.com/blog/2013/06/15/creating-an-ssl-certificate-for-node-dot-js/](Creating an SSL Certificate for node.js) 113 | * [http://www.hacksparrow.com/express-js-https-server-client-example.html/comment-page-1](HTTPS Trusted Peer Example) 114 | * [How to Create a CSR for HTTPS SSL (demo with name.com, node.js)](https://coolaj86.com/articles/how-to-create-a-csr-for-https-tls-ssl-rsa-pems/) 115 | * [coolaj86/Painless-Self-Signed-Certificates-in-node](https://github.com/coolaj86/node-ssl-root-cas/wiki/Painless-Self-Signed-Certificates-in-node.js) 116 | -------------------------------------------------------------------------------- /app.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | var express = require('express') 4 | ; 5 | 6 | module.exports.create = function (server, host, 
port, publicDir) { 7 | var app = express() 8 | ; 9 | 10 | app.use(express.static(publicDir)); 11 | 12 | return app; 13 | }; 14 | -------------------------------------------------------------------------------- /bin/create-root-ca.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -u 3 | set -e 4 | 5 | # make directories to work from 6 | mkdir -p certs/{server,client,ca,tmp} 7 | 8 | # Create your very own Root Certificate Authority 9 | openssl genrsa \ 10 | -out certs/ca/my-root-ca.key.pem \ 11 | 2048 12 | 13 | # Self-sign your Root Certificate Authority 14 | # Since this is private, the details can be as bogus as you like 15 | openssl req \ 16 | -x509 \ 17 | -new \ 18 | -sha256 \ 19 | -nodes \ 20 | -key certs/ca/my-root-ca.key.pem \ 21 | -days 3652 \ 22 | -out certs/ca/my-root-ca.crt.pem \ 23 | -subj "/C=US/ST=Utah/L=Provo/O=ACME Signing Authority Inc/CN=example.com" 24 | 25 | # NOTE 26 | # -nodes means "no-des" which means "no passphrase" 27 | # -days 3652 means that this example will break about 10 years from now 28 | -------------------------------------------------------------------------------- /bin/create-server-certs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -u 3 | set -e 4 | 5 | FQDN='local.helloworld3000.com' 6 | 7 | # make directories to work from 8 | mkdir -p certs/{server,client,ca,tmp} 9 | 10 | # Create Certificate for this domain, 11 | openssl genrsa \ 12 | -out certs/server/my-server.key.pem \ 13 | 2048 14 | 15 | # Create the CSR 16 | openssl req -new \ 17 | -key certs/server/my-server.key.pem \ 18 | -out certs/tmp/my-server.csr.pem \ 19 | -subj "/C=US/ST=Utah/L=Provo/O=ACME Service/CN=${FQDN}" 20 | -------------------------------------------------------------------------------- /bin/sign-csr.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -u 3 | set -e 4 | 5 | # Sign 
the request from Device with your Root CA 6 | openssl x509 \ 7 | -req -in certs/tmp/my-server.csr.pem \ 8 | -sha256 \ 9 | -CA certs/ca/my-root-ca.crt.pem \ 10 | -CAkey certs/ca/my-root-ca.key.pem \ 11 | -CAcreateserial \ 12 | -out certs/server/my-server.crt.pem \ 13 | -days 1095 14 | 15 | # If you already have a serial file, you would use that (in place of CAcreateserial) 16 | # -CAserial certs/ca/my-root-ca.srl 17 | -------------------------------------------------------------------------------- /certs/ca/my-root-ca.crt.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEHjCCAwagAwIBAgIJAMjWtxCnYhqNMA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNV 3 | BAYTAlVTMQ0wCwYDVQQIEwRVdGFoMQ4wDAYDVQQHEwVQcm92bzEjMCEGA1UEChMa 4 | QUNNRSBTaWduaW5nIEF1dGhvcml0eSBJbmMxFDASBgNVBAMTC2V4YW1wbGUuY29t 5 | MB4XDTE1MDcxMzE1MTk0NloXDTI1MDcxMjE1MTk0NlowZzELMAkGA1UEBhMCVVMx 6 | DTALBgNVBAgTBFV0YWgxDjAMBgNVBAcTBVByb3ZvMSMwIQYDVQQKExpBQ01FIFNp 7 | Z25pbmcgQXV0aG9yaXR5IEluYzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0G 8 | CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiLN9xrvx/ukYuJxuUgA53hZjwY+4X 9 | 3jvKBWQclRAuKdqclnG1eWe+LRc1plfLiLOAivncsvC+kHuB5wpFm00wxib2dDgc 10 | 6MdO8bOIgAWbcjtnIHcuS9byCzf5LeMQLr84qgHV2Ezlow4/IKpWl4svc326Dh6X 11 | 3oJf7uiUIm+yLZNWCoVAzMc5sMQX5Kp58YsxGZVA+0dbO6I708kDohoTGnhDRZxg 12 | TGKBRIYHxProgE+RP6heDortAr91n4zX8GZ4cgQQfq3NEdvqDJQNPjwOBWzP4ki2 13 | c5cd0YQ6iUZuST/drb9WAH/q3GddKLnO+Cy0owcDERvpIZI77ja1+kV1AgMBAAGj 14 | gcwwgckwHQYDVR0OBBYEFLtr78m4wbpn84a8VmB5kVkAlyJfMIGZBgNVHSMEgZEw 15 | gY6AFLtr78m4wbpn84a8VmB5kVkAlyJfoWukaTBnMQswCQYDVQQGEwJVUzENMAsG 16 | A1UECBMEVXRhaDEOMAwGA1UEBxMFUHJvdm8xIzAhBgNVBAoTGkFDTUUgU2lnbmlu 17 | ZyBBdXRob3JpdHkgSW5jMRQwEgYDVQQDEwtleGFtcGxlLmNvbYIJAMjWtxCnYhqN 18 | MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGEvN3COJmLcBF5QVyCv 19 | ohv2hNplSAedQGhYYizIHNWtJSFMfCRNtgAClW2mDExz7g1Qb6MgYRSTxcJ274fM 20 | Nrw94fTrHn/jDELJuLYhtTaLKfWkpLCLya+y0jzpnQbinsKOeYht54Qv4R2WUd6f 21 | 
m9IqYnvdNpxEop82m+p12JsbECXcwMN9/0KubHRxmAcAOi9vbSjG6Git2dUaMnKj 22 | RElKW4ZJFBQqaiGiwJxLQGOYjmcqUu/ky31cBHAWj88s48tl2bQep/lxncNeBcak 23 | 29Pqz6cv68IwEUPpKCqvHVFpf7MhuqYIDY6bZuqChKwBCnVwuqfZ+ZvXCfKk1iH/ 24 | +Zc= 25 | -----END CERTIFICATE----- 26 | -------------------------------------------------------------------------------- /certs/ca/my-root-ca.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEAoizfca78f7pGLicblIAOd4WY8GPuF947ygVkHJUQLinanJZx 3 | tXlnvi0XNaZXy4izgIr53LLwvpB7gecKRZtNMMYm9nQ4HOjHTvGziIAFm3I7ZyB3 4 | LkvW8gs3+S3jEC6/OKoB1dhM5aMOPyCqVpeLL3N9ug4el96CX+7olCJvsi2TVgqF 5 | QMzHObDEF+SqefGLMRmVQPtHWzuiO9PJA6IaExp4Q0WcYExigUSGB8T66IBPkT+o 6 | Xg6K7QK/dZ+M1/BmeHIEEH6tzRHb6gyUDT48DgVsz+JItnOXHdGEOolGbkk/3a2/ 7 | VgB/6txnXSi5zvgstKMHAxEb6SGSO+42tfpFdQIDAQABAoIBABfQDPMtZYf/uwRV 8 | 27ffYcBtDnrlwXUhvZe5WOzVem282Yu6j3G9JN2I02qeRS/un6TVQ0EDyVPB9VCq 9 | sxhraFcsEVaI1CBykalm1hzJ54jeqhhHbRiQLDyYJxzgfwHGS2+vjttuikQBwDrG 10 | uhxC3j4WcDSclCNqmawqcV4m/E2mJa66YojKA4og+m/MHgV01iCEl85dqxd+ZDEU 11 | ceBW9E8aJ6ElF3FuQ1YNRbyE83nRtUJ+mgyjVaz5kBNiB4s7b/pXmGZJsgZm8nV6 12 | whAy8EuVX7UMwQe2VdP7it9sHjtB66MMfO4oS5RKCUjP1TejIaMJwJCPyM3vtmlZ 13 | RhKsImECgYEAzyWyRENUOLztKAZoxeVjZWQ+0AU+Hr1LAuq+DvtP8nJ+PjvQvxtI 14 | E3n4tNn9cC3RFty7EegAI6zBFqpPThS1Q3qBaakFz81nVnA1Jwcf4f1nFIT+9mFC 15 | N7BPGPTACW47iqbhMShbQqdl/F6ZZQxRpKYQ7Yf1SulNpRodt9ubUNkCgYEAyGwK 16 | OHIp1Gw0C5EwnIY4VnKSWUDOtFTLreHyjwxDPWnm/PDZ92gIuyJqOtnootZtKhFy 17 | FZBGyw6VHIS03AFt3OYrDoCiz8pGVqS4O5jHzKE9qYAAcx8t35ecrhLQq3IR1YmV 18 | g7TISEnHFuFEVi81Mhksx4/nIgM+8M05uboK9/0CgYBgFY016sEjPEcJHMf2m2ta 19 | eYBFP1lMKuOja71S97FitUbnmRk/u+jX1+jMAp1zLl1hLGu9Z47A/X3nBIKapjJa 20 | JXXny9X9SLqZNp0BCGX6jm8E7pfRMtXjPO3DlquI9E+8BaJJCf4i0cEVqc+fNnKc 21 | W8dYVosp/0PbxFxqjvvhKQKBgQCu7q4VCoA8Kp1ao0VcuUIfIi1evdQtTf3hLV+7 22 | P6bIydCVYdu9uA422BkEeQI2bxYlK8j5zU4dGgNIOwRpKs4rirJ2HAz/dLvkEC3F 23 | 
xtpNX0ck1NaPpN0zVW+p+D4uBohOa6IWrQpLHiopbEFrQBUcPyD4pj/FTjP3lgkW 24 | dK3yOQKBgEH8EiqXOkh+NcUDNrMLZsfcNCMDUIIqYJhht8PiSDmF4LqLhfvcc2LW 25 | fYppqhePtSmmjxyH8rBzGYzkQhAmcboBE61+pySuaApaxfe3UyA9l688gEVq0VZ6 26 | RP37bC67qJ7JxV1Eb82OgbMs+W19jpEstO844w9GPWjwpPjUuGOK 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /certs/server/my-server.crt.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDSTCCAjECCQDO+JqPb+KtMDANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJV 3 | UzENMAsGA1UECBMEVXRhaDEOMAwGA1UEBxMFUHJvdm8xIzAhBgNVBAoTGkFDTUUg 4 | U2lnbmluZyBBdXRob3JpdHkgSW5jMRQwEgYDVQQDEwtleGFtcGxlLmNvbTAeFw0x 5 | NTA3MTMxNTE5NTdaFw0xODA3MTIxNTE5NTdaMGYxCzAJBgNVBAYTAlVTMQ0wCwYD 6 | VQQIEwRVdGFoMQ4wDAYDVQQHEwVQcm92bzEVMBMGA1UEChMMQUNNRSBTZXJ2aWNl 7 | MSEwHwYDVQQDExhsb2NhbC5oZWxsb3dvcmxkMzAwMC5jb20wggEiMA0GCSqGSIb3 8 | DQEBAQUAA4IBDwAwggEKAoIBAQCjxjgNVmfGZ04JzIPUxOEpbjgvEYD0C7Fxdjqa 9 | liZvctz9pAn5XfrUV49SUDvJVbMA+nBmdtfqKoBrsZYaVgjwUHCWfeuDwIs624BK 10 | Nd7fH0XKiNEb4LaNyFkVMMKy/IjV4pxCnmf4DBA3twWmtqhK4kmLKnClq0jxJPEV 11 | Giosb6c3RyxM9yQOHXpfnIs5LNBMzNlAKeRX4ptDgKOmdF+yPBDYErYI86WLXjhw 12 | v9oHv1+fiAE88hCK8oHlHZ/qovjZcPiqgnDGCSpdHrBrrua5XvEtnqTURpz27JAh 13 | Ri0SxsnAi4IGiRTqjYQL7wgMg2oCYq/SuCI5pDqCjpV1Nkh7AgMBAAEwDQYJKoZI 14 | hvcNAQELBQADggEBACmiV8y7vkLiCCjC9e5oUl7KBcshdIzRmVhKZ+sYSxghDs4s 15 | XXz1C999ogWqaHFZWgiH+I/wI2pwuSA6++gdF7ii7PwKgxRvRGC7UgfbWk7X1vRo 16 | d/T/xuU8gJCJiJXsCl3CciWCACRUhgzyQOYABgD64zg/nZjrjjy/4qJzrirPFcNQ 17 | bmHprQV5PnkeTYxmip0CiIv7iZp0CshSaHpBJsqQtPBzwaN623SlZ6CqI0CsBH/1 18 | 0aH8wF1SUBTCSqjVfbNKyyht/kUCvhirhB1U6OQCfDC+646O+Y7kI2E7K4mEGqRL 19 | 3nqSyi1z9XzI4fi1BylKg0M0/3czQubkV/Nly5g= 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /certs/server/my-server.key.pem: -------------------------------------------------------------------------------- 1 | 
-----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEAo8Y4DVZnxmdOCcyD1MThKW44LxGA9AuxcXY6mpYmb3Lc/aQJ 3 | +V361FePUlA7yVWzAPpwZnbX6iqAa7GWGlYI8FBwln3rg8CLOtuASjXe3x9FyojR 4 | G+C2jchZFTDCsvyI1eKcQp5n+AwQN7cFpraoSuJJiypwpatI8STxFRoqLG+nN0cs 5 | TPckDh16X5yLOSzQTMzZQCnkV+KbQ4CjpnRfsjwQ2BK2CPOli144cL/aB79fn4gB 6 | PPIQivKB5R2f6qL42XD4qoJwxgkqXR6wa67muV7xLZ6k1Eac9uyQIUYtEsbJwIuC 7 | BokU6o2EC+8IDINqAmKv0rgiOaQ6go6VdTZIewIDAQABAoIBACX/JiAKDPeeHh/t 8 | 4CQsLWU0WjqpX/a/A8MkQAJ/lZlD1/vM5DeD018SlYDudoCGrooqkItlRUDh7XuO 9 | 7xlbHqXKs+RmgI7HzEWyiXguOXAgzEtqJMHIB/KrKefdsT5fksu00LYwFEUbX2Pd 10 | xaThOfhtucxc41e8fqbcAEb6FBDM07uUj6IfMhhF1EfibdCXI0KTwZCTnWhArtyQ 11 | y+/GIZz0Mmn5dc9bHXXUTipoaGdzcIcr+x9wX0V8zEpEOpX45khdMf1L000Y3tdq 12 | bYDEkksRrayjWK5yO/fGel9ZM/3H3EGT1LChHMRP9nKvPMpGxSoWqeMWju/SEfib 13 | qRVfgtkCgYEA0xAbIMU9DUG0d992QHv/zOSxkIh+k98Za0edIkhdQdfI4mGbetf+ 14 | 23EM5hXJKVxLuUZ8PQiQ4BK5Pjlc84QWNyz0/1GYvf1yO4yl/dMDCaqUCjYIqDz4 15 | yQ0CLRay/7l2h3dVyE+cCYdWkfkePRHs+VHAFRkLJkaRvVf6RKqeVgUCgYEAxqSq 16 | uEMJXmnRCJmpb+FO0trUpvrTxdvM2xtLbdPYF0B/4wyD7ftZjzWdGmmI0V5kt1Nd 17 | DGSKbU1w2Hitt8upfgUe6ZAscf9sY00+JDTLqrBXBTvkOIhfFAtHNFKgL6OQtWyD 18 | wiikuYmw1Fzm243hn/gtOGMYN0Ii+bY6YT157H8CgYEAkmeVqcGne86b9JrZWBmr 19 | cuEgGnXT95bF9xiR8vnnVojsG7xBMZEqg+WDYQazpzEShc5S17Nda1ERlgwMYg65 20 | qkRRHdnn7cIkvxHtAoigjs/4KK0ajDjfCfcwDz6zo5dulME+i9hNEH8EmfUH+Ky6 21 | iKcgaoIYrdA9v+2K+J6xflECgYEAsSpeRRcs/PLdh5EdKHbHyZF4xjDBvh8ql2TB 22 | ooOloB9bsFISPKfHmc2Uf+EOMMXCiCsmuw3U1GWUNs1zCpDva0D/8AoxSb8omWxj 23 | 9wDLgUHjavyesLkYK5VffVAQJEz6nITbAskjGYOvncf58mmZiQZctoTTLT2kWhjn 24 | +qBM5NsCgYBj971mIprEYbPHZ+O0IjRB+cgYej9cLC42ltU2FoCQk4iy/gSZ6yRm 25 | RAAgOt3AWFN+YwBTx47bcOjPqRX1iaOsiNidVv42bqfuz5L7cQvxpTa+OdP/H5OQ 26 | 06ASSL5YdXEhiI0fqjaRjdhkOwyT4bhuIMFTOP1ez3J0A10HnPb7Zw== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | 
"name": "https-ssl-example", 3 | "version": "1.0.1", 4 | "description": "zero-config HTTPS server example (complete with bogus TLS/SSL 2048-bit RSA PEM certs)", 5 | "main": "serve.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1", 8 | "start": "node serve.js" 9 | }, 10 | "repository": { 11 | "type": "git", 12 | "url": "https://github.com/coolaj86/nodejs-ssl-example.git" 13 | }, 14 | "keywords": [ 15 | "ssl", 16 | "tls", 17 | "https", 18 | "rsa", 19 | "pem", 20 | "example", 21 | "demo", 22 | "test", 23 | "openssl", 24 | "crt", 25 | "p12", 26 | "csr", 27 | "certificate", 28 | "certs", 29 | "cert", 30 | "key", 31 | "private", 32 | "public" 33 | ], 34 | "author": "AJ ONeal (http://coolaj86.com/)", 35 | "license": "Apache2", 36 | "bugs": { 37 | "url": "https://github.com/coolaj86/nodejs-ssl-example/issues" 38 | }, 39 | "homepage": "https://github.com/coolaj86/nodejs-ssl-example", 40 | "dependencies": { 41 | "bluebird": "^2.9.3", 42 | "check-ip-address": "^1.1.1", 43 | "express": "^4.11.2", 44 | "request": "^2.51.0", 45 | "ssl-root-cas": "^1.1.10" 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /public/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 |
My name is Marvin, not that you would care.
 4 | 
 5 | You've reached {{host}} on port {{port}}. Meh... Congratulations, I guess."
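#!/usr/bin/env node
// serve.js
//
// Zero-config demo: serves ./public over HTTPS using the sample certificate in
// certs/server, and redirects every plain-HTTP request to the HTTPS port.
//
// Usage: node serve.js [httpsPort] [httpPort]   (defaults: 8043 and 4080)
//
// NOTE: the key and certificate under certs/ are committed to the repository,
// so they are public. Use them for local testing only and supply your own key
// material for anything that other people can reach.
'use strict';

var https = require('https');
var http = require('http');
var path = require('path');
var fs = require('fs');
var checkip = require('check-ip-address');

var port = process.argv[2] || 8043;
var insecurePort = process.argv[3] || 4080;
var server;
var insecureServer;
var options;
var certsPath = path.join(__dirname, 'certs', 'server');
var caCertsPath = path.join(__dirname, 'certs', 'ca');

//
// SSL Certificates
//
options = {
  key: fs.readFileSync(path.join(certsPath, 'my-server.key.pem')),
  // This certificate should be a bundle containing your server certificate and any intermediates
  //   cat certs/cert.pem certs/chain.pem > certs/server-bundle.pem
  cert: fs.readFileSync(path.join(certsPath, 'my-server.crt.pem')),
  // ca only needs to be specified for peer-certificates
  // ca: [ fs.readFileSync(path.join(caCertsPath, 'my-root-ca.crt.pem')) ],
  // Client certificates are not requested; rejectUnauthorized only takes
  // effect once requestCert is switched on.
  requestCert: false,
  rejectUnauthorized: true
};

//
// Serve an Express App securely with HTTPS
//
server = https.createServer(options);

// Attach the Express app and start listening. `ip` is the external address
// reported by check-ip-address, or a falsy value when none is known.
function start(ip) {
  var host = ip || 'local.helloworld3000.com';
  var publicDir = path.join(__dirname, 'public');
  var app = require('./app').create(server, host, port, publicDir);

  server.on('request', app);
  server.listen(port, function () {
    // Pick up the real port (relevant when 0 was requested) so that the
    // HTTP redirect below points at the port actually in use.
    port = server.address().port;
    console.log('Listening on https://127.0.0.1:' + port);
    console.log('Listening on https://local.helloworld3000.com:' + port);
    if (ip) {
      console.log('Listening on https://' + ip + ':' + port);
    }
  });
}

// The external IP is only used for display and as the host name handed to the
// app, so a failed lookup must not keep the HTTPS server from starting.
checkip.getExternalIp().then(start, function (err) {
  console.error('Could not determine the external IP address; continuing without it.', err);
  start(null);
});

//
// Redirect HTTP to HTTPS
//
// This simply redirects from the current insecure location to the encrypted location
//
insecureServer = http.createServer();
insecureServer.on('request', function (req, res) {
  // TODO also redirect websocket upgrades
  var hostHeader = req.headers.host;

  // A request without a Host header (e.g. HTTP/1.0) used to throw a TypeError
  // here and take the whole process down; answer 400 instead.
  if (!hostHeader) {
    res.statusCode = 400;
    res.end();
    return;
  }

  // Strip only a trailing ":port" (anchored so that the colons inside an IPv6
  // literal such as "[::1]:4080" are left alone) and always append the HTTPS
  // port, so a Host header without a port is redirected to the right place.
  //
  // The Host header is supplied by the client. For a real deployment, redirect
  // to a fixed, configured host name rather than echoing the header.
  res.setHeader(
    'Location',
    'https://' + hostHeader.replace(/:\d+$/, '') + ':' + port + req.url
  );
  res.statusCode = 302;
  res.end();
});
insecureServer.listen(insecurePort, function () {
  console.log("\nRedirecting all http traffic to https\n");
});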