Best IT Recipes

How to create .pem files for https server

I am using the Express framework in Node.js to create a web server. I want the transport to be based on SSL.

The code for creating the https web server is below.

var app = express.createServer({ key: fs.readFileSync('./conf/key.pem'), cert: fs.readFileSync('./conf/cert.pem') }); module.exports = app;

Question: How to create the .pem key and cert.pem, the required express?

+63
ssl pem
Oct 13
source share
2 answers

The two files you need are the SSL certificate, private in PEM, and the private key. PEM encoded certificates and keys are Base64 encoded text with start and end separators that look like -----BEGIN RSA PRIVATE KEY----- or similar.

To create an SSL certificate, you first need to generate a private key and a certificate signing request or CSR (which also contains your public key). You can do this in various ways, but here, as in OpenSSL.

 openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem

This will cause you to enter an interactive prompt to create a 2048-bit RSA and CSR secret key that has all the information you want to enter in the prompts. ( Note: The common name is where you want to place the domain name that you will use to access your site. ). As soon as you do this, you usually send this CSR to a trusted certificate and after they confirm your request, you will receive a certificate.

If you do not need a trusted certificate (usually for development purposes), you can simply create a self-signed certificate. To do this, we can use almost the same line, but we will pass two additional parameters.

 openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

This will give you a certificate (valid for 10 years) and a pair of keys that you can use in the published code snippet.

+141
Oct. 16
source

Just do the following procedure:

  • create the folder where you want to save your key and certificate:

    mkdir conf



  1. go to this directory:

    cd conf



    1. capture this ca.cnf file for use as a configuration shortcut:

      wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/ca.cnf



      1. create a new certificate authority using this configuration:

        openssl req -new -x509 -days 9999 -config ca.cnf -keyout ca-key.pem -out ca-cert.pem



        1. Now that we have our certificate authority in ca-key.pem and ca-cert.pem , let me create a private key for the server:

          openssl genrsa -out key.pem 4096



          1. grab this server.cnf file for use as a configuration shortcut:

            wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/server.cnf



            1. generate a certificate signing request using this configuration:

              openssl req -new -config server.cnf -key key.pem -out csr.pem



              1. Sign the request:

                openssl x509 -req -extfile server.cnf -days 999 -passin "pass:password" -in csr.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem

I found this procedure here , as well as additional information on how to use these certificates.

+7
Jan 11 '16 at 0:41
source


More articles:


All Articles