Node.js https key and certificat

Question

Hi,
I tried creating a pem key and csr using openssl for windows :

Test 1

OpenSSL> req -x509 -newkey rsa:2048 -keyout key_localhost.pem -out cert_localhost.pem -days 365

That created 2 files names key_localhost.pem and cert_localhost.pem. I pasted both files to the same level of my server.js file. However my browser been getting a security problem.

Display on the browser :

The certificate is not safe because it is self-signed.
The most valid certificate only for. 
Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

Here is my server.js

https.createServer({
    key: fs.readFileSync('key_localhost1.pem'),
    cert: fs.readFileSync('cert_localhost1.pem'),
    passphrase: 'localhost',
  }, app).listen(8080);

Test 2

I tried another thing :

openssl> req -newkey rsa:2048 -new -nodes -keyout key.pem -out key_localhost2.pem
openssl> x509 -req -days 365 -in key_localhost2.pem -signkey key.pem -out cert_localhost2.crt

That created three file names key_localhost.pem, cert_localhost.pem and key.pem. But nothings change on my browser...

Here is my server.js

https.createServer({
    key: fs.readFileSync('key.pem'),
    cert: fs.readFileSync('cert_localhost2.crt'),
    passphrase: 'localhost',
  }, app).listen(8080);

Any help would be much appreciated.

Thanks

Answer 1

The error tells you the problem: self-signed certificates, as the one you're using, are considered to be a security risk. A trusted (by the browser) CA (Certification Authority) needs to sign your keys before the browser will deem them secure. One such CA is Let's Encrypt.

There's a module called auto-sni that can automate requesting certificates from Let's Encrypt. I've never used this module myself, so no idea how well it works.

Answer 2

I think browser is asking you to add the exception. You can follow any of the below links: https://superuser.com/questions/632059/how-to-add-a-self-signed-certificate-as-an-exception-in-chrome

Getting Chrome to accept self-signed localhost certificate