SSL + localhost + Express + node.js + Certificate Fun!

So I was following a security chapter in a book by Evan Hahn called Express.js in Action (a very good read as it goes) and despite using the example code correctly and implementing what I expected to be a working SSL express node application I was met with Chrome’s dead face “no no no” page:

Screen Shot 2016-09-01 at 17.49.01

After a lot of searching and result-clicking and stack-overflow-scrolling I managed to find the two things that combined to fix the problem, and it’s nice and simple too. Read on!

Generate your self-signing certificate (we’re running on localhost and I trust myself) and key files (as Node likes them to be separate, not all combined). There’s some very good instructions on this here: .

At this point you should have your certificate.pem and a key.pem file. Next add these credentials when starting up your express application, and boom. Back in business.

var express = require("express");
var https = require("https");
var ms = require("ms");
var fs = require("fs");
var path = require("path");

// The path to where you exported your cert and key files.
var certificatePath = path.resolve(__dirname, "../.localhost-ssl");

// The specific location of the files.
var privateKey = fs.readFileSync(certificatePath + "/key.pem");
var certificate = fs.readFileSync(certificatePath + "/cert.pem");

// Combined to make a credentials object.
var credentials = {key: privateKey, cert: certificate};

var app = express();

app.get("/", function(request, response) {
 response.end("Hello, SSL World!");

// Create the https server like this and pass in the credentials.
var httpsServer = https.createServer(credentials, app);
httpsServer.listen(8443, function() {
 console.log("App started on port 8443");

And then with a little bit of luck and a cheeky smile you should get your output SSL message on the screen.

Hello, SSL World!



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s