So I've been tinkering with HTTPS servers in Node.JS, and was following this thread: -
which has one create a public/private key pair, and then generate a self-signed certificate.
Having done this, I created a simple server: -
server.js
// The variable is named "http" but it holds the https module.
var http = require('https');
var fs = require('fs');

// Private key and self-signed certificate generated earlier.
var options = {
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem')
};

var server = http.createServer(options, function(req, res) {
  res.writeHead(200);
  res.write('<p>Hello world!</p>');
  res.end();
});

var port = 10001;
server.listen(port, function() {
  console.log('server listening on port ' + port);
});
which I then started: -
node server.js
server listening on port 10001
However, when I tried to connect to it: -
I got this: -
curl: (35) Unknown SSL protocol error in connection to localhost:-9838
and this: -
from Firefox, and this from Chrome: -
Thankfully, Google came to my aid - AGAIN !!
This post: -
suggested that the problem might be that the key length, of the private key, is wrong.
I checked: -
openssl rsa -in key.pem -text -noout
which reported: -
...
Private-Key: (512 bit)
...
...
I validated this by checking the certificate: -
openssl x509 -in cert.pem -text -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
89:66:62:89:72:dd:66:ff
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=GB, ST=Hampshire, L=Winchester, O=IBM, OU=Cloud, CN=Dave Hay/emailAddress=david_hay@uk.ibm.com
Validity
Not Before: Jun 16 15:14:36 2017 GMT
Not After : Oct 31 15:14:36 2044 GMT
Subject: C=GB, ST=Hampshire, L=Winchester, O=IBM, OU=Cloud, CN=Dave Hay/emailAddress=david_hay@uk.ibm.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:d3:fc:99:16:f7:a0:2a:e5:a5:53:09:55:7e:5f:
63:f3:d6:98:92:39:56:7c:71:fb:ca:5f:75:af:c4:
1f:78:d8:a3:23:1a:ca:e2:d5:f1:a6:43:61:2b:51:
e8:39:f5:43:77:4a:59:ae:8c:f5:22:a3:82:51:52:
45:12:c2:bf:95
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
c9:76:2b:eb:c6:39:ad:ce:3d:0c:cb:8d:28:26:95:82:68:c4:
cb:e6:06:fa:62:62:b8:ea:8d:13:47:7f:92:c4:0c:e6:d1:97:
1c:ec:f1:01:e5:63:be:e5:f4:f4:cd:09:76:3f:55:75:72:2a:
d2:c3:58:2a:c6:1f:64:50:ae:60
I regenerated the key pair: -
openssl genrsa -out key.pem 2048
and then regenerated the certificate: -
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
rm csr.pem
and validated the key: -
openssl rsa -in key.pem -text -noout
…
Private-Key: (2048 bit)
...
...
and the certificate: -
openssl x509 -in cert.pem -text -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
aa:3b:0b:19:b8:7c:e5:42
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=GB, ST=Hampshire, L=Winchester, O=IBM, OU=Cloud, CN=Dave Hay/emailAddress=david_hay@uk.ibm.com
Validity
Not Before: Jun 16 15:28:55 2017 GMT
Not After : Oct 31 15:28:55 2044 GMT
Subject: C=GB, ST=Hampshire, L=Winchester, O=IBM, OU=Cloud, CN=Dave Hay/emailAddress=david_hay@uk.ibm.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
...
I then restarted my server
node server.js
and tested: -
curl -k https://localhost:10001
<p>Hello world!</p>
and now Chrome is happy: -
and Firefox is happy: -
Obviously both browsers mark me down for using a self-signed certificate, but I can live with that.
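The two openssl -text -noout checks above can also be run from Node itself before the server starts listening. This is an added example, not code from the original post: the function names (rsaBits, checkTlsMaterial, sampleKeyPair) and the MIN_RSA_BITS constant are assumptions made here, and the sample keys are generated in-process when key.pem and cert.pem are not present.

```javascript
const crypto = require('crypto');
const fs = require('fs');

const MIN_RSA_BITS = 2048; // assumed threshold: the size the post regenerates key.pem with

// createPublicKey() accepts a PEM private key, public key or X.509
// certificate and returns the public key it contains.
function rsaBits(pem) {
  const key = crypto.createPublicKey(pem);
  return key.asymmetricKeyType === 'rsa' ? key.asymmetricKeyDetails.modulusLength : null;
}

// Returns a list of problems; an empty list means the pair is usable.
function checkTlsMaterial(keyPem, certPem) {
  const problems = [];
  const bits = rsaBits(keyPem);
  if (bits !== null && bits < MIN_RSA_BITS) {
    problems.push('RSA key is ' + bits + ' bits, need at least ' + MIN_RSA_BITS);
  }
  // Compare the DER-encoded public keys to catch a cert issued for another key.
  const spki = (pem) => crypto.createPublicKey(pem).export({ type: 'spki', format: 'der' });
  if (!spki(keyPem).equals(spki(certPem))) {
    problems.push('certificate public key does not match private key');
  }
  return problems;
}

// Constructed sample input: a throwaway RSA key pair of the given size.
function sampleKeyPair(bits) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: bits,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

if (fs.existsSync('key.pem') && fs.existsSync('cert.pem')) {
  // Real files from the post's openssl commands, if run beside them.
  const found = checkTlsMaterial(fs.readFileSync('key.pem'), fs.readFileSync('cert.pem'));
  console.log(found.length ? found.join('\n') : 'key.pem and cert.pem look usable');
} else {
  // Otherwise show the 512-bit case from the post with a constructed key.
  const weak = sampleKeyPair(512);
  console.log(checkTlsMaterial(weak.privateKey, weak.publicKey).join('\n'));
}
```

Calling checkTlsMaterial() just before createServer() and exiting on a non-empty result turns the handshake failure seen by curl and the browsers into a clear startup error.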
I've since turned my Node.JS server into a Node module, and deployed it to WebSphere Liberty Profile and the IBM Node.JS runtime, as part of an IBM API Connect test ...