20

I'm working to set up an SSL via GoDaddy to use with my node.js server on AWS EC2. I've been unable to get it to work.

Here's what I've tried:

Intended for the domain: files.mysite.com

On the server I run:

    $ openssl req -new -newkey rsa:2048 -nodes -keyout files.mysite.key -out files.mysite.csr
    Common Name: files.mysite.com
    password: left empty

I then get the CSR: vim files.mysite.csr

I copy and paste from:

    -----BEGIN CERTIFICATE-----
    ......... lots of stuff
    -----END CERTIFICATE-----

There is an extra empty line at the end, which I leave and paste into the GoDaddy interface using rekey.

I then download the GoDaddy key which provides:

    gd_bundle.crt
    files.mysite.com.crt

Then in node I insert:

    key: fs.readFileSync('server.key').toString(),
    cert: fs.readFileSync('server.crt').toString()

I'm not sure what server.key is or server.crt given that GoDaddy provides two crt files?
Can you help?

1
  • 3
    This question is also an answer. Your openssl command is appropriate to "generate a CSR for Node.js apps". Either that's REALLY obvious and I'm slow or it's not and there are likely a lot of people like me that need that info so I wish I could upvote this for both a question AND answer. Commented Aug 23, 2014 at 7:06

2 Answers

27

GoDaddy uses an intermediate certificate to sign your certificate. This has several advantages to both you and GoDaddy. But it takes a bit more work to get it to work (just a bit, mostly googling around).

In node.js you can install them like this:

    const fs = require('fs');

    // app is the request handler (for example an Express app) defined elsewhere
    require('https').createServer({
      key: fs.readFileSync('files.mysite.com.key'),   // private key written by openssl -keyout
      cert: fs.readFileSync('files.mysite.com.crt'),  // certificate issued for the site
      ca: [fs.readFileSync('gd_bundle.crt')] // <----- note this part
    }, app).listen(443);

4 Comments

Why do you have [] around the ca but not the other fields?
@RachelDRoy: Read the documentation. ca accepts an array of certificates in case there is more than one chain. For example, if gd_bundle itself was signed by another certificate.
Eureka! It works! the note this part in the example was especially helpful with my GoDaddy SSL certificate.
Since you are trying to pass an array to ca, you should split properly
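
An added example, not code from the question or either answer: it sorts the three files from the question into the key, cert and ca options by their PEM header and splits the bundle into one ca entry per certificate, as the last comment above suggests. The function names and the placeholder PEM bodies are constructed for illustration.

```javascript
// Added example, not from the thread. PEM bodies below are constructed
// placeholders, not real key or certificate material.

// Split PEM text into its armored blocks, in file order.
function splitPem(text) {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----[\s\S]*?-----END \1-----/g;
  const blocks = [];
  let m;
  while ((m = re.exec(text)) !== null) {
    blocks.push({ label: m[1], pem: m[0] + '\n' });
  }
  return blocks;
}

// Sort the three files from the question into https.createServer options.
// keyText: file written by `openssl req -keyout`; certText: the issued
// site certificate; bundleText: the CA bundle (gd_bundle.crt).
function buildTlsOptions(keyText, certText, bundleText) {
  const key = splitPem(keyText);
  if (key.length !== 1 || !key[0].label.endsWith('PRIVATE KEY')) {
    throw new Error('key: expected exactly one PRIVATE KEY block');
  }
  const cert = splitPem(certText);
  if (cert.some((b) => b.label.endsWith('CERTIFICATE REQUEST'))) {
    throw new Error('cert: this is the CSR, not the issued certificate');
  }
  if (cert.length !== 1 || cert[0].label !== 'CERTIFICATE') {
    throw new Error('cert: expected exactly one CERTIFICATE block');
  }
  const ca = splitPem(bundleText).filter((b) => b.label === 'CERTIFICATE');
  if (ca.length === 0) throw new Error('ca: no CERTIFICATE block in bundle');
  return { key: key[0].pem, cert: cert[0].pem, ca: ca.map((b) => b.pem) };
}

// Constructed sample input: only the armor lines matter to the checks above.
function fakePem(label, body) {
  return `-----BEGIN ${label}-----\n${body}\n-----END ${label}-----\n`;
}
const sampleKey = fakePem('PRIVATE KEY', 'AAAA');
const sampleCsr = fakePem('CERTIFICATE REQUEST', 'BBBB');
const sampleCert = fakePem('CERTIFICATE', 'CCCC');
const sampleBundle =
  fakePem('CERTIFICATE', 'DDDD') + '\n' + fakePem('CERTIFICATE', 'EEEE');

const options = buildTlsOptions(sampleKey, sampleCert, sampleBundle);
console.log(Object.keys(options), 'ca entries:', options.ca.length);
```

With the real file contents read via fs.readFileSync(path, 'utf8'), the returned object can be passed as the first argument to https.createServer.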
3

You should use .crt and .key files at the creation of your http server instance. The following snippet will give you the idea:

    const fs = require('fs');

    // app is the request handler defined elsewhere
    require('https').createServer({
      key: fs.readFileSync('/path/to/something.key'),
      cert: fs.readFileSync('/path/to/something.crt'),
    }, app).listen(443);

If you have a passphrase for your key, you can pass it through as follows:

    const fs = require('fs');

    require('https').createServer({
      key: fs.readFileSync('/path/to/something.key'),
      cert: fs.readFileSync('/path/to/something.crt'),
      passphrase: 'your_secret_passphrase' // placeholder value
    }, app).listen(443);
