So I was following a security chapter in a book by Evan Hahn called Express.js in Action (a very good read as it goes) and, despite using the example code correctly and implementing what I expected to be a working SSL Express Node application, I was met with Chrome’s dead face “no no no” page:
After a lot of searching and result-clicking and stack-overflow-scrolling I managed to find the two things that combined to fix the problem, and it’s nice and simple too. Read on!
Generate your self-signed certificate (we’re running on localhost and I trust myself) and key files (as Node likes them to be separate, not all combined). There are some very good instructions on this here: https://certsimple.com/blog/localhost-ssl-fix.
At this point you should have a certificate.pem and a key.pem file. Next, add these credentials when starting up your Express application, and boom. Back in business.
```javascript
var express = require("express");
var https = require("https");
var fs = require("fs");
var path = require("path");

// The path to where you exported your cert and key files.
var certificatePath = path.resolve(__dirname, "../.localhost-ssl");

// The specific location of the files (use the file names you generated).
var privateKey = fs.readFileSync(path.join(certificatePath, "key.pem"));
var certificate = fs.readFileSync(path.join(certificatePath, "cert.pem"));

// Combined to make a credentials object.
var credentials = {key: privateKey, cert: certificate};

var app = express();

app.get("/", function(request, response) {
  response.end("Hello, SSL World!");
});

// Create the https server like this and pass in the credentials.
var httpsServer = https.createServer(credentials, app);

httpsServer.listen(8443, function() {
  console.log("App started on port 8443");
});
```
And then with a little bit of luck and a cheeky smile you should get your output SSL message on the screen.
Hello, SSL World!
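An added example (not from the original post or the book): a pre-flight check to run on the key and certificate contents before passing them to https.createServer. It reports a key that does not match the certificate, a certificate outside its validity window or not covering localhost, and a key file readable by other users. The function names checkTlsPair and keyFileTooOpen are hypothetical, and it assumes Node 15.6 or later for crypto.X509Certificate.

```javascript
// Added example: sanity checks for a key.pem / cert.pem pair (hypothetical helper names).
var crypto = require("crypto");
var fs = require("fs");

// Returns a list of problems found; an empty list means the pair looks usable.
function checkTlsPair(keyPem, certPem, hostname) {
  var problems = [];
  var key, cert;
  try {
    key = crypto.createPrivateKey(keyPem);
  } catch (err) {
    problems.push("key: cannot parse private key (" + err.message + ")");
  }
  try {
    cert = new crypto.X509Certificate(certPem);
  } catch (err) {
    problems.push("cert: cannot parse certificate (" + err.message + ")");
  }
  if (!cert) return problems;
  // The certificate's public key must belong to the private key we will serve with.
  if (key && !cert.checkPrivateKey(key)) {
    problems.push("cert: public key does not match the private key");
  }
  var now = Date.now();
  if (now < Date.parse(cert.validFrom) || now > Date.parse(cert.validTo)) {
    problems.push("cert: outside validity window " + cert.validFrom + " .. " + cert.validTo);
  }
  // checkHost returns undefined when no subject name matches the hostname.
  if (!cert.checkHost(hostname)) {
    problems.push("cert: does not cover hostname " + hostname);
  }
  return problems;
}

// True when group or others have any access to the key file (POSIX mode bits).
function keyFileTooOpen(keyPath) {
  return (fs.statSync(keyPath).mode & 0o077) !== 0;
}
```

Call checkTlsPair with the two fs.readFileSync results and "localhost", and log the returned problems before the server starts listening.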