2

I created a Self Signed certificate using openSSL using this command:

openssl req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj '/CN=localhost' -extensions EXT -config <( \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

I have a Express/Node server using it through this code:

https
    .createServer(
      {
        key: fs.readFileSync("/Users/Me/.localhost-ssl/localhost.key"),
        cert: fs.readFileSync("/Users/Me/.localhost-ssl/localhost.crt")
      },
      app
    )
    .listen(8080, () => console.log(env + " Server listening on port 8080"));

I started this server and it's running through https. I have a client (based on create-react-app) running in the same machine, different port, trying to connect to this server on port 8080.

On the first run, I trusted the certificate after Chrome said that it was invalid and, as the picture below shows, my client app does not complain about the certificate:

Connections is safe

However, the client can't retrieve data from the server. The client shows this error: enter image description here

Here my keychain picture, showing this certificate:

enter image description here

What is missing? Do I need 2 certificates in my keychain? Because I am running the client and the server in the same machine.

Aldo
  • 1,199
  • 12
  • 19
  • The browser screencap shows you connecting to `localhost:3000` but the client app is connecting to `localhost:8080`. Sounds like the client, which the error is from, doesn't like the self signed cert. Is the 'client' a browser or some other JS module? – v25 Dec 30 '18 at 20:38
  • @v25 I am not sure what you mean if the client is the browser: I have a react.js app running in the browser, in localhost:3000. My server, is a service running in localhost:8080. When the client tries to fetch data from the server, it raises the error shown. – Aldo Dec 30 '18 at 20:43
  • Whatever is generating the red `ERR_CERT_AUTHORITY_INVALID` error doesn't recognise/care that you accepted the self-signed certificate in Chrome. This may be a waste of time to fix when you can get a free cert from [Let's Encrypt](https://letsencrypt.org/). Is there a reason you need SSL here? If it's just a single development box then plain HTTP should be fine, and avoids these issues, surely? – v25 Dec 30 '18 at 21:35
  • Also if you were running this in production you should have nginx between your node app as described in [this A](https://stackoverflow.com/a/42762965/2052575) which fields a similar question to your own. Your node app would still run in HTTP mode, with nginx handling the LE certs fully and presenting a secure connection to the browser. – v25 Dec 30 '18 at 21:48
  • 1
    Based on @v25's comment, and the screenshot, it seems like your application is being hosted at :3000, while you are making requests to :8080. The :3000 cert is trusted and accepted by Chrome, whereas the :8080 cert is not. If you open up the devtools in Chrome, the network tab should show the same error. Right click on that failed request, and "open in new tab", then trust the cert from the new tab. – Michael Camden Dec 30 '18 at 22:32
  • @MichaelCamden, it worked fine! Now I can see 2 trusted certificates in my keychain, one for localhost:300 and another one for localhost:8080. Thanks a lot. – Aldo Dec 30 '18 at 22:43
  • @Aldo Glad I could help! – Michael Camden Dec 30 '18 at 22:43
  • https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/ – Shane Powell Jan 11 '19 at 22:36

0 Answers0