Windows: trust self-signed certificate used for node (and express)

Question

I'm using Windows, and I'm trying to use express over HTTPS, and I'm trying to figure out if there's a way to trust the used certificate so that I don't have to tell my browser to "continue to the untrusted site anyways".

According to this post, I know how to do it for .NET Core: use PowerShell to create a self-signed certficiate in Personal, and then copy it to the Trusted Root Certification Authorities so that it's trusted and can be used (and in my ASP.NET Core application, I configure HTTPS to use that certificate)

I must admit that I'm no an expert regarding certificates, and I'm not sure what's exactly happening, but above is what I think.

So, following this post, I'm using openssl to create the two files required by Node (and Express) for HTTPS, but is there a way to somehow trust these in a similar manner.

I tried searching the internet about converting from PFX to PEM, etc. to somehow try to export the certficiate created by PowerShell to a format required by Node to make sure it's trusted, but I wasn't successful.

Any help is really appreciated, Thank you

Answer 1

@Farzad, I think you might have found a solution by now but for others here are the details

A thing or two about certs

-> DER -this is binary encoded format of a certificated. So the certificate is actually in “DER encoded way, rather than a DER cert. No one should say that they have a DER cert. it is not a type of cert -> PEM. - this is a X509v3 encoded using ASCII keys

-> CSR - it’s a certificate signing request, that is usually generated to send to CA for validation. On checking the domain and authenticity of the cert, CA sends back a signed trusted cert usually in CER/CRT format. It can be both in PERM or DER format and using openssl we can convert from one format to other

-> CRT = The CRT extension is used for certificates. The certificates may be encoded as binary DER or as ASCII PEM. The CER and CRT extensions are nearly synonymous. Most common among *nix systems -> CER = alternate form of .crt (Microsoft Convention) You can use MS Office to convert .crt to .cer (.both DER encoded .cer, or base64[PEM] encoded .cer) The .cer file extension is also recognized by IE as a command to run a MS cryptoAPI command (specifically rundll32.exe cryptext.dll,CryptExtOpenCER) which displays a dialogue for importing and/or viewing certificate contents. Also refer this - https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file

SYMMETRIC vs ASYMETRIC - a symmetric key means that there is only one key that needs to be used for both encoding and decoding a transmission between a client and server and there should be mechanism implemented to share the keys between them (though not completely secure) The asymmetrical key means that there are two keys for encoding and decoding a message. Sever encodes and sends the message using a private key and client uses a public key (either shared via a cert incase of rsa or shared as a "passphrase" termed as "salt".

So back to the tools to generate these keys/keystore/trustore and certs , openssl and keytool are most commonly used . There are a number of online blogs explaining the same. Here is one

https://blogs.oracle.com/blogbypuneeth/steps-to-create-a-self-signed-certificate-using-openssl

Now back to importing the cert to truststore, you can refer this answer in SO Digital Certificate: How to import .cer file in to .truststore file using?

To complete the express https setup here is the same setup done

const process = require('process');
const _ = require('lodash');
const util =require('util');
const express = require('express');
const app  = express();

const appPath = require('app-root-path');
const https = require('https');
const http = require('http');

const fs = require('fs');

const bodyParser = require('body-parser');
//Extract arugments from command line
const argumentExtractor = require('./utils/argumentExtrator');

//make use of constants
const constants = require('./utils/constants');

//sample to make use of cors router
// const corsRouter = require('./controllers/corsRoute');
// app.use(corsRouter);
console.log('env vars', process.env);

app.use(bodyParser.json());
app.use(bodyParser.raw({type: () => true}));

const corsHeaders = require('./middlewares/corsHeaders');
app.use(corsHeaders);

//additional response headers
const addition_headers = require('./middlewares/additionalReponseHeaeders');
app.use(addition_headers);
debugger;


//Routing sample1
const appRouter1 = require('./controllers/appRoute1');
app.use(constants.COURSE_ROUTE,appRouter1);

//Routing sample 2
const appRouter2 = require('./controllers/appRoute2');
app.use(constants.HEADER_ROUTE, appRouter2);



//getting the commandline properties
console.log('command line arguments');
_.each(process.argv, (data)=>{

    console.log('each data', data);

});
console.log('env from argument',argumentExtractor.env);
console.log('port from argument',argumentExtractor.port);

//spread opertaor example
const oldArray = ['1', 2];
const newArray = [...oldArray];
console.log(newArray);

//Rest operator- basically to handle mutiple inputs
const sampleFunc = (...params)=>{
    return params;
}
console.log(sampleFunc(3,4));
console.log(sampleFunc(3,4,5,6 ));

const port = argumentExtractor.port || 3000;

let options= {
    key:fs.readFileSync(appPath+'/certs/nodejs_key.pem'),
    cert: fs.readFileSync(appPath+'/certs/nodejs_cert.cert'),
    requestCert: false,
    rejectUnAuthorized: false,
    passphrase:'<passphrase used in openssl cert creation>'
};

http.createServer(app).listen(port ,()=>{
    console.log('The listening port is:'+port);
});

https.createServer(options,app).listen(5000, ()=>{
    console.log('This is the https server port ...5000');
});

I hope this answers the question.