7

Node.js version: 0.8.6
I have created an SSL CSR file using openssl with the following command: openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out myserver.csr

  • The CSR content was sent to my SSL provider, and the certificate was sent back.

Now I wanted to create an SSL secure server:

var fs = require("fs");
var https = require('https');
var credentials = {
            key: fs.readFileSync(options.base_project_folder + 'privatekey.pem'),
            cert: fs.readFileSync(options.base_project_folder + 'certificate.pem')
};
var server = https.createServer(credentials, app);
server.listen(port, address, function() {
    var addr = this.address();
    console.log('listening on %s:%d', addr.address, addr.port);
});

The server is running, but I get: "SSL connection error"

Trying to check the problem, I did: openssl s_client -connect my_dns:443 // my_dns points to my nodejs server, of course

RESULT:
CONNECTED(00000003)
139813382997664:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 226 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

Can anyone help me? I lost my way in the SSL darkness :(

4
  • The server code you post is incomplete. Either you haven't posted the rest (if so, please post it as well), or you're just missing essential parts of creating an actual HTTPS server in Node. Commented Apr 7, 2013 at 17:14
  • I edited the code, hope this helps to find my problem. Commented Apr 7, 2013 at 17:30
  • And port equals 443, right? Commented Apr 7, 2013 at 17:34
  • Yes, I listen to port 443 Commented Apr 7, 2013 at 19:20

3 Answers

8

Try adding the CA like so:

var credentials = {
  key: fs.readFileSync(options.base_project_folder + 'privatekey.pem'),
  cert: fs.readFileSync(options.base_project_folder + 'certificate.pem'),
  // Placeholder path: point this at the CA certificate from your provider
  ca: fs.readFileSync('/path/to/CA/cert')
};

The docs say that the options argument is similar to tls.createServer


3 Comments

What is the ca file? What is the content of it? I tried to find it out :(
Problem was found, my files got a problem, and I also need the ca :)
benjiegillam.com/2012/06/node-dot-js-ssl-certificate-chain, which I found via a comment on a link in the other answer, has an important point. In newer versions of Node, the "ca" property will not take a bundled file; if you have more than one intermediate certificate, you must load them individually into an array and set the "ca" property to that array.
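The last comment above describes loading each intermediate certificate separately into an array for the "ca" property. One way to do that from a single bundle file, as an added example that is not code from the thread: the function names, sample PEM bodies and file paths are constructed placeholders.

```javascript
// Added example (not from the thread): load a provider's CA bundle as an array.
var CERT_RE = /-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g;

// Split concatenated PEM text into one string per certificate.
function splitPemBundle(bundleText) {
  var text = String(bundleText).replace(/\r\n/g, '\n');
  var certs = text.match(CERT_RE) || [];
  var begins = (text.match(/-----BEGIN CERTIFICATE-----/g) || []).length;
  var ends = (text.match(/-----END CERTIFICATE-----/g) || []).length;
  // A missing BEGIN/END marker means a copy-paste or transfer truncated the file.
  if (certs.length === 0 || begins !== certs.length || ends !== certs.length) {
    throw new Error('CA bundle is empty or has a truncated certificate block');
  }
  return certs.map(function (pem) { return pem + '\n'; });
}

// Compare certificates while ignoring whitespace and line-ending differences.
function sameCert(a, b) {
  return a.replace(/\s+/g, '') === b.replace(/\s+/g, '');
}

// Build the options object for https.createServer. Some providers repeat the
// server certificate inside the bundle; it is dropped from `ca` here.
function buildCredentials(keyPem, certPem, bundlePem) {
  var leaf = splitPemBundle(certPem)[0];
  var chain = splitPemBundle(bundlePem).filter(function (pem) {
    return !sameCert(pem, leaf);
  });
  return { key: keyPem, cert: certPem, ca: chain };
}

// Constructed sample input: placeholder bodies, not real certificates.
function fakeCert(body) {
  return '-----BEGIN CERTIFICATE-----\r\n' + body + '\r\n-----END CERTIFICATE-----\r\n';
}
var SAMPLE_LEAF = fakeCert('TEVBRg==');
var SAMPLE_BUNDLE = '# provider bundle (constructed)\r\n' +
  SAMPLE_LEAF + fakeCert('SU5URVIx') + fakeCert('SU5URVIy');

// Real use (paths are placeholders):
//   var fs = require('fs'), https = require('https');
//   var creds = buildCredentials(fs.readFileSync('privatekey.pem'),
//       fs.readFileSync('certificate.pem'), fs.readFileSync('ca-bundle.pem'));
//   https.createServer(creds, app).listen(443);
console.log(buildCredentials('KEY', SAMPLE_LEAF, SAMPLE_BUNDLE).ca.length);
```

Running openssl s_client -connect against the server again shows whether the certificate chain is now being sent.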
1

I believe you need to specify a CA certificate for the signer as well. Since this is not a self-signed certificate, you should have received a bundle from wherever you got the cert.

A couple links that should help: http://qugstart.com/blog/node-js/install-comodo-positivessl-certificate-with-node-js/ http://www.gettingcirrius.com/2012/06/securing-nodejs-and-express-with-ssl.html

1 Comment

+1 I agree the problem could very well be missing the CA cert.
0

How to do this through cloudflare?

Create your websocket.js with the obvious SSL credentials

var fs = require('fs');
var https = require('https');
var credentials = {
            key: fs.readFileSync('/location/to/privatekey.pem'),
            cert: fs.readFileSync('/location/to/certificate.pem')
};
var server = https.createServer(credentials, app);

1) Sign up to Cloudflare

2) Point your domain DNS server to Cloudflare NS servers

3) Generate an origin certificate and save both the private key and certificate to your server as privatekey.pem & certificate.pem

4) Make sure you're using an SSL port in your websocket and that your router firewall allows this port.
