lfly

Reputation: 41

How do I secure Node Red with a CA certificate

I need to secure my Node Red with a CA signed certificate - not a self-signed certificate. I'm using an Amazon EC2 with Amazon Linux.

Upvotes: 2

Views: 4285

Answers (2)

lfly

Reputation: 41

Resolved this myself.

For this to work properly - you need a domain name for your Node Red.

I used COMODO to get an SSL

Obtaining the CERT

  1. ssh into server and proceed to home directory where node red is installed and run these commands:
  2. mkdir sslcerts

  3. cd sslcerts

  4. openssl genrsa -out ./private.key 2048

  5. openssl req -new -sha256 -key ./private.key -out ./{yourdomainname}.csr

  6. You'll need the contents of the above created .csr file during the COMODO SSL procedure
  7. Follow COMODO's SSL request procedure
  8. Once Certificate is issued, you will be given a Certificates.zip file. Unzip that into another directory
  9. In the unzipped directory, use a text editor or Linux command line to create a ca-bundle file.
  10. Combine files in this order (I'm using Linux command 'cat' here):

    $ cat COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > {yourdomainname}.ca-bundle

  11. You need to copy both the ca-bundle file you just created AND the {yourdomainname}.crt file over to sslcerts on your server

Making the certificate usable by Node Red

  1. cd to the home directory where node red is installed then cd into the (hidden) .node-red directory
  2. nano settings.js

  3. At the top of this file, uncomment the line: var fs = require("fs");
  4. Find and uncomment https: { key: ... }
  5. Change the contents to:

    https: {
      ca: fs.readFileSync('sslcerts/{yourdomainname}.ca-bundle'),
      key: fs.readFileSync('sslcerts/private.key'),
      cert: fs.readFileSync('sslcerts/{yourdomainname}.crt')
    }

  6. Save this file (CTRL-O), then exit (CTRL-X)
  7. Restart node red and CHECK for any startup errors. If you get errors, you most likely have a misspelling in the 'https: {...'

Upvotes: 2
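
A pre-flight check for the three files the `https` block in the answer above reads, as an added example that is not part of the original answer: it confirms the certificate matches the private key, that it chains to the ca-bundle, and that the key is not readable by other users. The function name `check_tls_material` and its exit codes are assumptions made for this example; the file names follow the answer.

```bash
# Added example: validate key / certificate / ca-bundle before restarting Node-RED.
# Usage: check_tls_material <private.key> <domain.crt> <domain.ca-bundle>
# Returns 0 when all checks pass, otherwise 1-4 (codes chosen for this example).
check_tls_material() (
  key="$1"; crt="$2"; bundle="$3"

  # 1. The private key must exist and parse.
  openssl pkey -in "$key" -noout 2>/dev/null ||
    { echo "FAIL: cannot read private key $key" >&2; return 1; }

  # 2. The certificate must contain the public half of that key. A mismatch
  #    means the CSR sent to the CA was generated from a different key.
  key_pub=$(openssl pkey -in "$key" -pubout -outform DER 2>/dev/null |
            openssl dgst -sha256)
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null |
            openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256)
  [ "$key_pub" = "$crt_pub" ] ||
    { echo "FAIL: $crt was not issued for $key" >&2; return 2; }

  # 3. The certificate must verify against the concatenated bundle. This
  #    catches a missing intermediate, a wrong bundle, or an expired cert.
  openssl verify -CAfile "$bundle" "$crt" >/dev/null 2>&1 ||
    { echo "FAIL: $crt does not chain to $bundle" >&2; return 3; }

  # 4. The key must not be accessible to group or others (expect mode 600).
  #    Characters 5-10 of the ls mode string are the group and other bits.
  perms=$(ls -lnL "$key" | cut -c5-10)
  [ "$perms" = "------" ] ||
    { echo "FAIL: $key is accessible to other users; run chmod 600" >&2; return 4; }

  echo "OK: key, certificate and bundle are consistent"
)

# Example invocation from the directory that contains sslcerts/:
# check_tls_material sslcerts/private.key \
#   "sslcerts/{yourdomainname}.crt" "sslcerts/{yourdomainname}.ca-bundle"
```
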

gregnr

Reputation: 1272

To add an SSL cert to Node Red, add the https key to settings.js:

    ...
    },
    https: {
      key: fs.readFileSync('privkey.pem'),
      cert: fs.readFileSync('cert.pem')
    },
    ...

If you're asking how to obtain a CA signed certificate, there are many routes you can go. Look at Let's Encrypt for a free and automated solution.

Upvotes: 1
