知識庫

在 Node.js 安裝 SSL 證書

After the certificate is issued, the .crt file and .ca-bundle will be sent to you via email by the Certificate Authority. Also, you can download the certificate from ZTABOX email.

The certificate installation should be performed as follows:

  1. Upload the received files to the needed directory.
  2. Create an HTTPS server

The main idea of node.js is creating a server (something like a responder) in the command line interface. So, your server code should be corrected with the following lines:

node_03

where: path/to/example_com.ca-bundle - full path to the uploaded .ca-bundle file
path/to/example_com.key - full path to your private key stored on the server
path/to/example_com.crt - full path to the end-entity certificate.

Note: Due to some peculiarity in Node.JS tls module, different Node.JS versions, and in JavaScript construction, there is a possibility that the .ca-bundle file provided by Comodo may not be recognized by the server. Only the first intermediate certificate from the chain will be returned which will make the connections insecure in old desktop browsers and most mobile ones.

This issue happens in Node.js versions 0.5.x and further to 3.x.x. Version 5.2.0 that was used in testing has displayed 3 certificates in the bundle.

In this case, there is a workaround of certificate array line-by-line parsing using the following (CoffeeScript-written) script:

node_04

After using this part of script, https.options can be written down as:

node_05

where ca: ca will be executed by the server automatically as it refers to the result of the script cycle segment above.

With the help of implementing these parts of code, the full certificate chain will be displayed.

Also, this can be done in a text editor and the server script can be saved as a .js file. The saved script can be executed using this command in Node.JS shell:

$ node < script name >.js

The test server has been brought up in LAN and the certificate has been installed correctly:

node_01

node_02

After the SSL certificate is configured and the server is started, you should notice "secureConnection" event in the output, this, however, should not be considered as a confirmation of a correct SSL installation since in terms of Node.js there is no specific indicator that translates into a proper SSL setup.

Instead, online checkers can be used to verify the accuracy of SSL certificate configuration here or here.