Reputation: 2210
I'd like to ask you for advice. I'm not familiar with HTTPS and certificates. I have my own small application that runs on Node.js.
My package.json:
    {
      "name": "chatwidgethttps",
      "version": "1.0.0",
      "description": "",
      "main": "index.js",
      "scripts": {
        "start": "node server/index.js"
      },
      "author": "",
      "license": "ISC",
      "dependencies": {
        "express": "^4.16.3"
      }
    }
I run npm start and my app is working on https://localhost:3333. I put this URL into the external LiveChat platform (under https) because my app should work as a live chat widget. All data has to be secured (all the data is secret).
My question is: what's the best approach in this case - do I need a self-signed certificate? Will everyone who wants to use my application have to install a certificate? If yes - how? How can I make the certificate install automatically?
So far I've tried something like this:
    const express = require('express')
    const fs = require('fs')
    const https = require('https')
    const path = require('path')

    const app = express();
    const directoryToServe = 'client'
    const port = 3333

    // Serve the static widget files from ../client
    app.use('/', express.static(path.join(__dirname, '..', directoryToServe)))

    // Certificate and private key are read from server/ssl
    const httpsOptions = {
      cert: fs.readFileSync(path.join(__dirname, 'ssl', 'server.crt')),
      key: fs.readFileSync(path.join(__dirname, 'ssl', 'server.key'))
    };

    https.createServer(httpsOptions, app).listen(port, function() {
      console.log('Server started')
    });
One of the hundreds of tutorials says that, after all this, I have to install my public server.crt certificate in the browser, but it doesn't work - in the browser I still see the red text NOT SECURE. On Firefox or IE my app is completely invisible - I get the message:
This site is not secure
This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.
Thank you very much in advance for all your tips.
Upvotes: 1
Views: 1111
Reputation: 2210
Summary:
I've tested my HTTPS app locally and had problems with a not secure connection. But the answer is simple - all we have to do is upload our application to an HTTPS server, which should already have some certificates.
Upvotes: 0
Reputation: 1020
Please pay a visit to Let's Encrypt. It gives you free signed certificates, with certbot, which will auto-renew the certificates when they expire.
Also, I would not recommend serving certificates from the Express application, as it would slow down the performance of the application drastically. So consider using nginx, which is a reverse proxy load balancer that can also serve the certificates needed by HTTPS.
Upvotes: 2