
node https ssl your connection is not private error

Stack Overflow Asked by Andrea Dattero on December 5, 2021

I recently bought an SSL certificate and I am having a problem with Google Chrome: when I access my website, it says ‘Your connection is not private NET::ERR_CERT_AUTHORITY_INVALID’. Here is what I am doing:

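// Express application served directly over TLS by Node's https module.
const express = require("express");
const https = require("https");
const helmet = require("helmet");
const cors = require("cors");
const fs = require("fs");
const path = require("path");
const app = express();
const config = require("./config");
const passport = require("passport");

// TLS material for the HTTPS listener. `cert` has to hold the whole chain in
// PEM form: the site (leaf) certificate first, then the intermediates from the
// CA bundle. The parts are joined with an explicit newline so that a site.crt
// saved without a trailing newline cannot fuse its END line with the bundle's
// BEGIN line.
const credentials = {
  key: fs.readFileSync("ssl/site.key", "utf-8"),
  cert: [
    fs.readFileSync("ssl/site.crt", "utf-8"),
    fs.readFileSync("ssl/site.ca-bundle", "utf-8"),
  ].join("\n"),
};

app.use(helmet());
// NOTE(review): cors() without options allows requests from every origin;
// restrict `origin` if the API is only meant to be called by this site.
app.use(cors());
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(
  require("express-session")({
    secret: require("./config.json").app.secretKey,
    resave: false,
    saveUninitialized: true,
    cookie: {
      // The app is only reachable through the HTTPS server created below, so
      // the session cookie must never be sent over plain HTTP.
      secure: true,
      maxAge: 60 * 60 * 1000 * 24 * 365, // one year, in milliseconds
    },
  })
);

app.use(passport.initialize());
app.use(passport.session());
passport.use(require("./service/passport"));

app.set("view engine", "ejs");
app.set("views", path.join(__dirname, "views"));
// NOTE(review): this serves the views directory as static files, so the raw
// template files can be downloaded as well; a separate directory for public
// assets would avoid exposing template source.
app.use(express.static(path.join(__dirname, "views")));

app.use("/", require("./api/views"));
app.use("/auth", require("./api/auth"));
app.use("/answer", require("./api/answer"));
app.use("/user", require("./api/views/user.view"));
app.use("/courses", require("./api/views/courses.view"));
app.use("/question", require("./api/views/question.view"));
app.use("/answer", require("./api/views/answer.view"));

app.use("/api/user", require("./api/user"));
app.use("/api/course", require("./api/course"));
app.use("/api/feedback", require("./api/feedback"));
app.use("/api/help", require("./api/help"));
app.use("/api/questions", require("./api/question"));

const httpsServer = https.createServer(credentials, app);

httpsServer.listen(config.app.port);

// `credentials` is deliberately not logged: it contains the private key, and
// whatever is written to stdout usually ends up in log files. A key that has
// already been printed this way should be treated as exposed.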

I have seen that a lot of people had the same problem. What should I do?

2 Answers

Apparently it took some days for the certificate to be marked as safe. Here is the code in the end:

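// Express application served directly over TLS by Node's https module.
const express = require("express");
const https = require("https");
const helmet = require("helmet");
const cors = require("cors");
const fs = require("fs");
const path = require("path");
const app = express();
const config = require("./config");
const passport = require("passport");

// TLS material for the HTTPS listener. The intermediates go into `cert`, right
// after the site certificate, so the server presents the complete chain.
// `ca` is not set: that option replaces the set of CAs trusted when verifying
// a peer's certificate and is not where the server's own chain belongs.
// The explicit newline keeps the PEM blocks apart if site.crt has no trailing
// newline.
const credentials = {
  key: fs.readFileSync("ssl/site.key", "utf-8"),
  cert: [
    fs.readFileSync("ssl/site.crt", "utf-8"),
    fs.readFileSync("ssl/site.ca-bundle", "utf-8"),
  ].join("\n"),
};

app.use(helmet());
// NOTE(review): cors() without options allows requests from every origin;
// restrict `origin` if the API is only meant to be called by this site.
app.use(cors());
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(
  require("express-session")({
    secret: require("./config.json").app.secretKey,
    resave: false,
    saveUninitialized: true,
    cookie: {
      // The app is only reachable through the HTTPS server created below, so
      // the session cookie must never be sent over plain HTTP.
      secure: true,
      maxAge: 60 * 60 * 1000 * 24 * 365, // one year, in milliseconds
    },
  })
);

app.use(passport.initialize());
app.use(passport.session());
passport.use(require("./service/passport"));

app.set("view engine", "ejs");
app.set("views", path.join(__dirname, "views"));
// NOTE(review): this serves the views directory as static files, so the raw
// template files can be downloaded as well; a separate directory for public
// assets would avoid exposing template source.
app.use(express.static(path.join(__dirname, "views")));

app.use("/", require("./api/home"));
app.use("/auth", require("./api/auth"));
app.use("/answer", require("./api/answer"));
app.use("/material", require("./api/material"));
app.use("/user", require("./api/user"));
app.use("/courses", require("./api/course"));
app.use("/feedback", require("./api/feedback"));
app.use("/question", require("./api/question"));
// NOTE(review): "/answer" is mounted a second time with the same module as
// above; this looks redundant, confirm before removing it.
app.use("/answer", require("./api/answer"));

const httpsServer = https.createServer(credentials, app);

httpsServer.listen(config.app.port);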

Also, I used the certificate that I generated via openssl and not the one I received from the website.

Answered by Andrea Dattero on December 5, 2021

You need to collect the site certificate and the intermediate certificates into a single buffer and pass that combined buffer as the cert option to https.createServer(). So replace this:

// Before: the site certificate alone is passed as `cert`, and the CA bundle
// is handed over through the separate `ca` option.
const credentials = {
  key: fs.readFileSync('ssl/key.pem'),
  cert: fs.readFileSync('ssl/crt.pem'),
  ca: fs.readFileSync('ssl/ceraut.ca-bundle'),
};

with this:

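// After: `cert` carries the full chain in PEM form, site certificate first,
// then the intermediates from the CA bundle. Joining with "\n" keeps the PEM
// blocks apart even when crt.pem was saved without a trailing newline.
const credentials = {
  key: fs.readFileSync('ssl/key.pem'),
  cert: [
    fs.readFileSync('ssl/crt.pem', 'utf8'),
    fs.readFileSync('ssl/ceraut.ca-bundle', 'utf8'),
  ].join('\n'),
};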

(This assumes that your ca-bundle file contains the intermediate certs in the correct order and in PEM format.) It's possible that you might also have to add a newline between the content of the two files if the closing newline from the site cert file has somehow been lost.

Don't pass a ca option to createServer() at all. That option specifies a non-default root cert collection that should be used to validate a received certificate. Your server doesn't need that option.

For details see https://nodejs.org/docs/latest-v10.x/api/tls.html#tls_tls_createsecurecontext_options or the equivalent for the appropriate Node version, although the precise version probably doesn't matter. The docs for these options have been stable for ages.

Answered by ottomeister on December 5, 2021
