How to generate and use an SSL certificate in NodeJS

In this article, we will see how to generate an SSL certificate for our development server, and then how to use that certificate inside our application.

Let's Create a Demo App in Express js

To create a new npm project, create a directory named "node-ssl-server" and open it in the terminal using this command:

cd node-ssl-server

Then run this command to create a new npm project.

 npm init -y

Now let's install our dependency, express, by running this command:

npm install --save express

Now let's create a start script in package.json. Add this line inside the "scripts" object as shown below:

"scripts": {
    "start":"node index.js"
  },

You can also use nodemon, if you have it installed on your system, like this:

"scripts": {
    "start":"nodemon index.js"
  },

Now let's add an index.js file to our app with a few lines in it, as shown below:

const express = require('express')
const https = require("https") // https module to create an SSL-enabled server
const path = require("path") // path module
const fs = require("fs") // file system module

const app = express()
const port = 3002 // port used in the URL later in this article

app.use("/", (req, res, next) => {
    res.send("hello from ssl secured server!!")
})

// Placeholders for now; they are filled in once the certificate is generated
const options = {
  key: '',
  cert: ''
}
const sslserver = https.createServer(options, app)

sslserver.listen(port, () => { console.log(`Secure Server is listening on port ${port}`) });

Let's Generate SSL Certificates

Before we proceed further, let's create a directory to store the certificates inside our app folder.

mkdir cert

Now move to the cert directory using the cd command:

cd cert

To generate the SSL certificate, we need to follow these steps:

  • Generate a private key.
  • Create a CSR (certificate signing request) using the private key.
  • Generate the SSL certificate from the CSR.

Generate a Private Key

To generate a private key we will run this command as shown below:

 openssl genrsa -out key.pem

Once we run the above command, it generates the private key, saves it in the key.pem file inside the cert directory, and prints a message like this in the terminal:

Generating RSA private key, 2048 bit long modulus
...+++
.................+++
e is 65537 (0x10001)

Create a CSR ( Certificate Signing Request)

Since we are acting as our own certificate authority, we need a CSR to generate our certificate. To create one, run the command below.

openssl req -new -key key.pem -out csr.pem

Once we run this command, it asks a few questions as shown below:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields, there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

You can skip any question by simply pressing Enter, or provide the details if you want to; it's totally up to you.

Once you are done with these questions, it generates the CSR in the csr.pem file inside the cert folder.

Generate the SSL Certificate

Now for the final step, we need to use the key.pem and csr.pem files to generate our SSL certificate.

Let's run the command below to generate it.

openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out cert.pem

Note:

  • We are using x509 because X.509 is the standard that defines the format of public-key certificates.
  • We set the validity of the certificate to 365 days.

After running the above command, the certificate is saved in the cert.pem file inside the cert folder. You can now remove the csr.pem file or keep it.
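The three steps above can also be run without prompts and then checked. This is an added example, not code from the original article: it assumes OpenSSL 1.1.1 or later and the hostname localhost, the function names are hypothetical, and it goes one step beyond the article by adding a subjectAltName, which current browsers use for hostname matching instead of the Common Name.

```shell
# Added example, not from the original article. Assumes OpenSSL 1.1.1+ and
# the hostname "localhost"; make_dev_cert / check_dev_cert are made-up names.

make_dev_cert() {            # $1 = output directory, e.g. ./cert
    dir=$1
    mkdir -p "$dir" || return 1
    # Step 1: private key (2048-bit RSA), readable by the owner only.
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null || return 1
    chmod 600 "$dir/key.pem"
    # Step 2: CSR; -subj answers the Distinguished Name prompts up front.
    openssl req -new -key "$dir/key.pem" -subj "/CN=localhost" \
        -out "$dir/csr.pem" || return 1
    # Step 3: self-signed certificate. The extension file adds the
    # subjectAltName entries that browsers match the hostname against.
    printf 'subjectAltName=DNS:localhost,IP:127.0.0.1\n' > "$dir/san.ext"
    openssl x509 -req -days 365 -in "$dir/csr.pem" -signkey "$dir/key.pem" \
        -extfile "$dir/san.ext" -out "$dir/cert.pem" 2>/dev/null || return 1
    rm -f "$dir/csr.pem" "$dir/san.ext"
}

check_dev_cert() {           # $1 = directory holding key.pem and cert.pem
    dir=$1
    # The certificate must carry the public half of key.pem.
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/key.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; return 1; }
    # Must still be valid 24 hours from now (-checkend takes seconds).
    openssl x509 -in "$dir/cert.pem" -noout -checkend 86400 >/dev/null \
        || { echo "certificate expires within a day" >&2; return 1; }
    # Must name localhost in subjectAltName.
    openssl x509 -in "$dir/cert.pem" -noout -text | grep -q 'DNS:localhost' \
        || { echo "no subjectAltName for localhost" >&2; return 1; }
}
```

From the project root, `make_dev_cert ./cert && check_dev_cert ./cert` produces the same key.pem and cert.pem the article uses; a mismatched key or an expired certificate makes the check return non-zero before the server is started.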

Integration of the SSL Certificate in Express

Now let's use these certificates inside our app using the file system (fs) and path modules. To do so, we need to edit a few lines in our app as mentioned below:

Earlier we created a constant named options. Now we will update that part of the code by adding the paths of the generated key and certificate, as shown below.

Before:

const options ={
  key:'',
  cert:'' 
}

After:

// The key and certificate were generated in the "cert" directory created earlier
const options = {
  key: fs.readFileSync(path.join(__dirname, './cert/key.pem')),
  cert: fs.readFileSync(path.join(__dirname, './cert/cert.pem'))
}

Once it's done, save the file and run the server with:

npm start

You can check if HTTPS is working or not by just accessing it from this URL:

https://localhost:3002

Conclusion:

  • You might see "Not Secure" in your browser even though we have a valid certificate. That is because we generated the certificate ourselves and it was not issued by a known certificate authority, so your browser doesn't trust you as a valid certificate authority. We should typically use this process for development purposes; for production, we should use a certificate issued by a certificate authority like Let's Encrypt.
