I have a Hapi server which works fine on HTTP. I need to make this work over HTTPS. I have a certificate which we bought from COMODO.

My Key

 -----BEGIN PRIVATE KEY-----
 MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDGyXFDz/pSzMxO
 ...
 g7N2PgtU9nhM7eYhQmhjB+4=
 -----END PRIVATE KEY-----

My Certificate

-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIRAK3oQPHzO66FR3iLafOh2JkwDQYJKoZIhvcNAQELBQAw
...
pvWiUJabAat2O+hexjv55O4RkfQ13aIKo1Z7VeWyNQdEPaSCOFtteC4a3WelWcZ7
-----END CERTIFICATE-----

(have also tried this with a combined root certificate bundle with the same problem)

Edit: Both the certificates and the key are in the PEM format and not the DER format. There are also no problems with line endings.

My Server Code

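var fs = require('fs');
var Hapi = require('hapi');

// Key and certificate are read as Buffers and handed to the TLS layer as-is
var tls = {
    key: fs.readFileSync('privkey.pem'),
    cert: fs.readFileSync('certificate.pem')
};

var server = new Hapi.Server();

// Listen on all interfaces on the HTTPS port
server.connection({
    address: '0.0.0.0',
    port: 443,
    tls: tls,
    routes: { cors: { origin: ['*'] }, validate: { options: { abortEarly: false } } }
});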

I end up with the following error when trying to start the server

node server.js

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
    at Error (native)
    at Object.createSecureContext (_tls_common.js:87:19)
    at Server (_tls_wrap.js:754:25)
    at new Server (https.js:24:14)
    at Object.exports.createServer (https.js:44:10)
    at new module.exports.internals.Connection.options (W:\project\node_modules\hapi\lib\connection.js:89:74)
    at internals.Server.connection (W:\project\node_modules\hapi\lib\server.js:121:24)
    at Object.<anonymous> (W:\project\server.js:98:8)
    at Module._compile (module.js:398:26)
    at Object.Module._extensions..js (module.js:405:10)

What is going on? How do I fix this? Any help would be appreciated. Thanks.

Anomaly211
  • 1,053
  • 9
  • 17
  • Did you concatenate the various certificates together? https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/789/37/certificate-installation-nginx – Matt Harrison Mar 11 '16 at 13:17
  • Possibly related: http://stackoverflow.com/questions/20837161/openssl-pem-routinespem-read-biono-start-linepem-lib-c703expecting-truste – Matt Harrison Mar 11 '16 at 13:19
  • Also try: http://stackoverflow.com/questions/31630544/cant-get-private-key-with-openssl-no-start-linepem-lib-c703expecting-any-p – Matt Harrison Mar 11 '16 at 13:19
  • Yes, I have a concatenated certificate (I mentioned this above as a "combined root certificate bundle", for lack of a better term), using which I have the same problem. – Anomaly211 Mar 11 '16 at 13:24
  • Thanks for the links. I had looked through both already. Both the certificates and the key are in the PEM format and not the DER format. There are also no problems with line endings. – Anomaly211 Mar 11 '16 at 13:28

1 Answer

I was running into a similar issue; my configuration is different, as I'm supplying the cert and key as a string (this is dev only). I was getting this same error because I linearized my key from a text editor, which stripped out the newline (\n) characters. As soon as I added those \n characters back into my string, it worked just fine. Which got me thinking about your issue....

I tested your fs.readFileSync('server.key') code (yes, my server.key is in PEM format) using my certificate and key, and I noticed that without specifying an encoding, the file data was coming back as a byte array: <Buffer 2d 2d 2d 2d ....

However, specifying an encoding, fs.readFileSync('server.key', 'utf-8'), did give me back the certificate data as a human-readable string.

I'd try updating your readFileSync calls to include an encoding like 'utf-8' - it could be why hapi can't understand your certificate data.

Hope this helps!

Mough
  • 56
  • 4
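
A way to inspect the key or certificate data before it reaches createSecureContext, as an added example (not code from the question or the answer). It checks the stripped-newline case the answer describes and goes beyond it to other causes of a missed BEGIN line: byte-order marks, UTF-16 files, escaped \n sequences and indented markers. diagnosePem, its problem labels and SAMPLE_PEM are hypothetical names, and the sample PEM is constructed.

```javascript
// Added example: report why PEM data would fail with "no start line".
// Pass it what fs.readFileSync(path) returns (a Buffer) or a string from config.
function diagnosePem(input) {
  const buf = Buffer.isBuffer(input) ? input : Buffer.from(String(input), 'utf8');
  // UTF-16 file (BOM FF FE or FE FF): OpenSSL never sees the ASCII "-----BEGIN".
  if (buf.length >= 2 &&
      ((buf[0] === 0xff && buf[1] === 0xfe) || (buf[0] === 0xfe && buf[1] === 0xff))) {
    return ['utf16-encoded'];
  }
  const problems = [];
  let text = buf.toString('utf8');
  // UTF-8 BOM (EF BB BF): three bytes sit in front of the first dash.
  if (text.charCodeAt(0) === 0xfeff) {
    problems.push('utf8-bom');
    text = text.slice(1);
  }
  // Escapes left as the two characters "\" and "n" (JSON or env-var paste).
  if (text.includes('\\n')) {
    problems.push('literal-backslash-n');
    text = text.replace(/\\n/g, '\n');
  }
  const lines = text.split(/\r?\n/);
  const first = lines.find((l) => l.includes('-----BEGIN '));
  if (first === undefined) {
    problems.push('no-begin-marker'); // DER data, wrong file, or truncated
    return problems;
  }
  // The marker has to start its line ...
  if (!first.startsWith('-----BEGIN ')) problems.push('text-before-begin-marker');
  // ... and end it; otherwise the newlines were stripped ("linearized" key).
  if (!/-----BEGIN [A-Z0-9 ]+-----\s*$/.test(first)) problems.push('newlines-stripped');
  return problems;
}

// Constructed sample, not a real key: the body is base64 of "CONSTRUCTED".
const SAMPLE_PEM = [
  '-----BEGIN PRIVATE KEY-----',
  'Q09OU1RSVUNURUQ=',
  '-----END PRIVATE KEY-----',
  '',
].join('\n');

console.log(diagnosePem(SAMPLE_PEM));                      // well-formed
console.log(diagnosePem(SAMPLE_PEM.replace(/\n/g, '')));   // linearized
console.log(diagnosePem('\uFEFF' + SAMPLE_PEM));           // saved with a BOM
```

An empty array means none of these problems were found; it does not validate the key or certificate itself.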