Using Certificates with NodeJs HTTPS

Question

Using Certificates with NodeJs HTTPS

I created a .cer file for IOS push notifications and I would like to use it with NodeJS HTTPS module.

The only examples I found for the HTTPS module work with .pem and .sfx files, not with .cer:

var options = { key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'), cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem') }; or var options = { pfx: fs.readFileSync('server.pfx') } https.createServer(options, function (req, res) { res.writeHead(200); res.end("hello world\n"); }).listen(8000);

Any solution?

+6

node.js ios https ssl-certificate apple-push-notifications

Cherif Mar 03 '14 at 12:06

source share

4 answers

Itai steinherz · Answer 1 · 2017-12-30T13:21:07+0000

A .cer can be encoded using two different formats: PEM and DER .

If your file is encoded using the PEM format, you can simply use it like any other .pem file (more information on this can be found in Node.js :

 const https = require("https"); const options = { key: fs.readFileSync("key.pem", "utf8"), cert: fs.readFileSync("cert.cer", "utf8") }; https.createServer(options, (req, res) => { res.writeHead(200); res.end("Hello world"); }).listen(8000);

If your file is encoded using the DER format, you first need to convert it to a .pem file using OpenSSL (the command was taken from here ):

 openssl x509 -inform der -in cert.cer -out cert.pem

and then can use the above code with cert file name cert.pem instead of cert.cer :

 const https = require("https"); const options = { key: fs.readFileSync("key.pem", "utf8"), cert: fs.readFileSync("cert.pem", "utf8") }; https.createServer(options, (req, res) => { res.writeHead(200); res.end("Hello world"); }).listen(8000);

If you have a certificate authority key that matches your cert.cer file, you can include it in the options https.createServer argument as follows (the sample code assumes that the file is named ca.pem and that it is encoded using the PEM format):

 const https = require("https"); const options = { ca: fs.readFileSync("ca.pem", "utf8"), key: fs.readFileSync("key.pem", "utf8"), cert: fs.readFileSync("cert.pem", "utf8") }; https.createServer(options, (req, res) => { res.writeHead(200); res.end("Hello world"); }).listen(8000);

For more information about https.createServer and its arguments, see the documentation .

Note. All of the above options assume that you also have a public key encoded in PEM format with the name key.pem and that the .cer file is named cert.cer . If you do not have a public key, please comment or add it to the question, and I will update the answer accordingly.

If you don’t know what format your file is encoded in, you can try both options, see which one suits you.

Thebronx · Answer 2 · 2014-03-03T13:00:25+0000

This is an example using crt , you can convert cer to crt if it doesn't work:

 var express = require('express'); var app = express(); var fs = require('fs'); var https = require('https'); var credentials = { ca: fs.readFileSync(__dirname+"/ssl/certificate.ca-crt", 'utf8'), //certificate concatenation or intermediate certificates key: fs.readFileSync(__dirname+"/ssl/mydomain.com.key", 'utf8'), //SSL key cert: fs.readFileSync(__dirname+"/ssl/certificate.crt", 'utf8') //the certificate }; app.configure(function() { // set up your express application }); var httpsServer = https.createServer(credentials, app); httpsServer.listen(443);

Taken from here (in Spanish): salvatorelab.es
You can also see examples of what these files (crt, ca-crt ...) contain or look like.

Tsimtsum · Answer 3 · 2018-01-02T12:14:19+0000

@Mohit, you can convert your cer to pem using the command below.

 openssl x509 -inform der -in certificate.cer -out certificate.pem

A source

poida · Answer 4 · 2018-01-02T21:42:21+0000

HTTPS / TLS encryption is asymmetric, there are two parts to make it work: public key and private key .

The .cer file that you receive from Apple Push Notification Services (APNS) after you upload a certificate signing request (CSR) is a public key signed.

The location of the private key depends on how you generated it .

If you are using a Mac and using the Apple Keychain application, it has a private key . Import the .cer public key back into the keychain. Then use the Export option to get one password protected .p12 file that will contain both private and private keys . See References [1] and [2] .

In your node.js application, the exported pfx file and password can be used as pfx and passphrase options for https.createServer .

For example:

 var options = { pfx: fs.readFileSync('./exported-cert.p12'), passphrase: 'password-that-was-set-on-export' }; https.createServer(options, ...);

Using Certificates with NodeJs HTTPS

More articles: