Node.JS https server for Webhook gets handshake error

Question

The following NodeJS just handles a webhook coming from another source. I tested it out, it works on http port 80 but the source requires https.

When I opened that port and ran this script on 443, testing it with curl gets the following error. Yet I don't think it should require a certificate should it? How would I even solve this?

curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect

Here is the script:

var http = require('https')

var server = http.createServer(function(req, res) {
    if (req.method == "POST") {
        var str = ''
        req.on('data', function(data) {
            str += data
        })
        req.on('end', function() {
            var json = JSON.parse(str)
            res.end(json.meta.status)
        })
    }
})
console.log("HTTPS server listening on port 443...")
server.listen(443)

UPDATE:

Here's the latest code. I created a self-signed cert without a passphrase. I get further but I still get an error using curl with the -k option added. I get a certificate verification error without the -k.

Cannot POST /

var https = require('https')
var fs = require('fs')
var express = require('express');

var options = {
    key: fs.readFileSync('./server.key'),
    cert: fs.readFileSync('./server.cert')
}

var app = express()

var server = https.createServer(options, app, function(req, res) {
    if (req.method == "POST") {
        var str = ''
        req.on('data', function(data) {
            str += data
        })
        req.on('end', function() {
            var json = JSON.parse(str)
            res.end(json.meta.status)
        })
    }
})
console.log("HTTPS server listening on port 443...")
server.listen(443)

score 1 · Accepted Answer · edited May 23 '17 at 11:59

1

HTTPS server config always requires SSL certificate. You can generate it using openssl here is in more details. Then for node server use crypto,fs modules. Detailed config is here.

edited May 23 '17 at 11:59

Community

1
1

answered Sep 05 '15 at 07:02

Dmitry S

4,990
2
24
32

This was helpful but I still can't get it working, at least not that way. It says bad password read. How do I include the password to the cert? – Nathan McKaskle Sep 06 '15 at 17:47
try to add `passphrase ` option along with `key` and `cert`. @NathanMcKaskle – Dmitry S Sep 06 '15 at 18:07
there is no miracle, ok. try to use ket/cert [without passphrase](http://serverfault.com/a/366374/306011). @NathanMcKaskle – Dmitry S Sep 06 '15 at 20:40
Oh I see nevermind, you linked that to creating a cert w/o a passphrase. I'll try that. – Nathan McKaskle Sep 07 '15 at 15:12
See my update to my post above. What you said to do seems to allow the server to at least run now. Maybe I'm doing something else wrong. – Nathan McKaskle Sep 07 '15 at 15:27
@NathanMcKaskle what kind of error are you getting now? – Dmitry S Sep 08 '15 at 06:51
When trying curl it's saying cannot POST / see above edits to the post. – Nathan McKaskle Sep 09 '15 at 14:35
Nevermind I got it working actually. It was the express part. I'm not really using express in this webhook scenario. Not sure why that was causing this. I removed it and now I can curl without error but only if I do a -k. I gotta figure out how to do without -k. Does it have to be a legit cert? – Nathan McKaskle Sep 09 '15 at 17:43

Node.JS https server for Webhook gets handshake error

1 Answers1