4

Earlier i used a self signed certificate and created a https server on node js using

var privateKey = fs.readFileSync( 'key.pem' );
var certificate = fs.readFileSync( 'cert.pem' );

var app = express();

https.createServer({
    key: privateKey,
    cert: certificate,
    passphrase:'abc123'
}, app).listen(1111);

I have now purchased and verified an SSL certificate from GoDaddy.I have downloaded the SSL certificate from GoDaddy and got 2 files :

1) d752ec439hdwudbdh7.crt:

-----BEGIN CERTIFICATE-----

........

-----END CERTIFICATE-----

2)gd-bundle-g2-g1.crt:

-----BEGIN CERTIFICATE-----

........

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

........

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

........

-----END CERTIFICATE-----

What files are these and how do i configure these files to use with https.createServer

nikhil.g777
  • 882
  • 3
  • 12
  • 24
  • Hi, take a look at this: http://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files – Karol Klepacki Oct 19 '16 at 10:00
  • Thanks ! But i do not know what these files stand for, they are .crt files and i do not know which one is the certificate and what the bundle file is for – nikhil.g777 Oct 19 '16 at 10:03

1 Answers1

3

d752ec439hdwudbdh7.crt is your site's certificate generated by GoDaddy. It corresponds to your cert.pem file. As the format of the file provided by GoDaddy is actually PEM (base64 encoded data beginning with the ----BEGIN text), you can use it as it is without having to convert formats.

gd-bundle-g2-g1.crt is the set of certificates (one or more intermediate certificates and optionally, a root certificate) that is used to verify trust. This chain of certificates is what browsers and other user agents use to determine if the certificate was granted by GoDaddy, and if GoDaddy is someone they trust. You will need to use the ca option in https.createServer and specify the path to this file. Again, the file format is what is expected by node/ express and you can just rename it to something sensible and use it like this:

var privateKey = fs.readFileSync( 'key.pem' );
var certificate = fs.readFileSync( 'cert.pem' );
var caBundle = fs.readFileSync( 'ca.pem' );

var app = express();

https.createServer({
    key: privateKey,
    cert: certificate,
    ca: caBundle,
    passphrase:'abc123'
}, app).listen(1111);

Once done, I'd recommend checking your site against an online scanner like SSL Labs Server test to ensure that your site does not show any certificate related errors. It'd also be good to fix any other misconfiguration reported there.

Anand Bhat
  • 5,591
  • 26
  • 30