Tuesday, January 2, 2018

Using certificates.cer with NodeJs HTTPS

By Hường Hana 9:30 PM , , , , Leave a Comment

I have generated a .cer file for IOS push notifications and I would ike to use it with NodeJS HTTPS module.

The only examples I found for HTTPS module work with .pem and .sfx files, not .cer :

var options = {   key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),   cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem') };  or   var options = {   pfx: fs.readFileSync('server.pfx') }  https.createServer(options, function (req, res) {   res.writeHead(200);   res.end("hello world\n"); }).listen(8000);

Any solution ?

4 Answers

Answers 1

A .cer file can be encoded using two different formats: PEM and DER.

If your file is encoded using the PEM format, you could just use it like any other .pem file (more info on that can be found in the Node.js documentation):

const https = require("https");  const options = {     key: fs.readFileSync("key.pem", "utf8"),     cert: fs.readFileSync("cert.cer", "utf8") };  https.createServer(options, (req, res) => {     res.writeHead(200);     res.end("Hello world"); }).listen(8000);

If your file's encoded using the DER format, you first need convert it to a .pem file using OpenSSL (the command was taken from here):

openssl x509 -inform der -in cert.cer -out cert.pem

and then can use the above code with the cert filename being cert.pem instead of cert.cer:

const https = require("https");  const options = {     key: fs.readFileSync("key.pem", "utf8"),     cert: fs.readFileSync("cert.pem", "utf8") };  https.createServer(options, (req, res) => {     res.writeHead(200);     res.end("Hello world"); }).listen(8000);

In case you have the the key of the certificate authority that matches your cert.cer file, you can include it in the options argument of https.createServer as following (the code example assumes the file is name ca.pem and that it is encoded using the PEM format):

const https = require("https");  const options = {     ca: fs.readFileSync("ca.pem", "utf8"),     key: fs.readFileSync("key.pem", "utf8"),     cert: fs.readFileSync("cert.pem", "utf8") };  https.createServer(options, (req, res) => {     res.writeHead(200);     res.end("Hello world"); }).listen(8000);

For more information about https.createServer and its arguments, check out the documentation.

Note: all of the options above assume that you also have a public key encoded in the PEM format named key.pem and that the .cer file is named cert.cer. If you don't have a public key, please comment or add it to the question itself and I will update my answer accordingly.

If you're unsure which format your file's encoded in, you could try both options see which one works out for you.

Answers 2

This is an example using crt, you can convert a cer to crt in case it doesn't work: 

var express  = require('express'); var app      = express(); var fs       = require('fs'); var https    = require('https');  var credentials = {     ca: fs.readFileSync(__dirname+"/ssl/certificate.ca-crt", 'utf8'), //certificate concatenation or intermediate certificates     key: fs.readFileSync(__dirname+"/ssl/mydomain.com.key", 'utf8'), //SSL key     cert: fs.readFileSync(__dirname+"/ssl/certificate.crt", 'utf8') //the certificate };  app.configure(function() {      // set up your express application  });  var httpsServer = https.createServer(credentials, app); httpsServer.listen(443);

Taken from here (in spanish): salvatorelab.es
You can also see examples of what those files (crt, ca-crt...) contain or look like.

Answers 3

@Mohit, You can convert your cer to pem using command below.

openssl x509 -inform der -in certificate.cer -out certificate.pem

Source

Answers 4

HTTPS/TLS encryption is asymmetric, there are two parts to make it work, a public key and a private key.

The .cer file you get from Apple Push Notification Services (APNS) after you have uploaded the certificate signing request (CSR) is the signed public key.

The location of the private key depends on how you generated it.

If you're on a mac and using the Apple Keychain application, these two links, [1] and [2], suggest that you import the .cer public key back into Keychain.

Then use the Export option to get a single password protected .p12 file (in PKCS12 format) that will contain both the private and public keys.

In your node.js application, the exported .p12 file and password can be used as the pfx and passphrase options to https.createServer, e.g:

var options = {   pfx: fs.readFileSync('./exported-cert.p12'),   passphrase: 'password-that-was-set-on-export' };  https.createServer(options, ...);
If You Enjoyed This, Take 5 Seconds To Share It

0 comments:

Post a Comment