Using certificates.cer with NodeJs HTTPS

Asked 3/3, 2014 at 12:6 Answered 2/1, 2018 at 21:42

ios node.js https apple-push-notifications ssl-certificate

I have generated a .cer file for IOS push notifications and I would ike to use it with NodeJS HTTPS module.

The only examples I found for HTTPS module work with .pem and .sfx files, not .cer :

var options = {
  key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
  cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};

or 

var options = {
  pfx: fs.readFileSync('server.pfx')
}

https.createServer(options, function (req, res) {
  res.writeHead(200);
  res.end("hello world\n");
}).listen(8000);

Any solution ?

Hawger answered 3/3, 2014 at 12:6 Comment(4)

did you ever solve this properly? i am stuck at the same place at the moment – Plaint 7/6, 2017 at 14:45

How did you solve this issue please tell us i am stuck on same place...thanks – Sillabub 27/12, 2017 at 6:17

@Plaint have you ever solved this problem? – Sillabub 29/12, 2017 at 5:59

@MohitJain did my answer work for you? If not, how did you generate your CSR? (https://mcmap.net/q/995295/-using-certificates-cer-with-nodejs-https) – Diacaustic 3/1, 2018 at 10:12

A .cer file can be encoded using two different formats: PEM and DER.

If your file is encoded using the PEM format, you could just use it like any other .pem file (more info on that can be found in the Node.js documentation):

const https = require("https");

const options = {
    key: fs.readFileSync("key.pem", "utf8"),
    cert: fs.readFileSync("cert.cer", "utf8")
};

https.createServer(options, (req, res) => {
    res.writeHead(200);
    res.end("Hello world");
}).listen(8000);

If your file's encoded using the DER format, you first need convert it to a .pem file using OpenSSL (the command was taken from here):

openssl x509 -inform der -in cert.cer -out cert.pem

and then can use the above code with the cert filename being cert.pem instead of cert.cer:

const https = require("https");

const options = {
    key: fs.readFileSync("key.pem", "utf8"),
    cert: fs.readFileSync("cert.pem", "utf8")
};

https.createServer(options, (req, res) => {
    res.writeHead(200);
    res.end("Hello world");
}).listen(8000);

In case you have the the key of the certificate authority that matches your cert.cer file, you can include it in the options argument of https.createServer as following (the code example assumes the file is name ca.pem and that it is encoded using the PEM format):

const https = require("https");

const options = {
    ca: fs.readFileSync("ca.pem", "utf8"),
    key: fs.readFileSync("key.pem", "utf8"),
    cert: fs.readFileSync("cert.pem", "utf8")
};

https.createServer(options, (req, res) => {
    res.writeHead(200);
    res.end("Hello world");
}).listen(8000);

For more information about https.createServer and its arguments, check out the documentation.

Note: all of the options above assume that you also have a public key encoded in the PEM format named key.pem and that the .cer file is named cert.cer. If you don't have a public key, please comment or add it to the question itself and I will update my answer accordingly.

If you're unsure which format your file's encoded in, you could try both options see which one works out for you.

Bravissimo answered 30/12, 2017 at 13:21 Comment(3)

From where i will get key.pem file. I have only .cer file – Sillabub 1/1, 2018 at 10:59

In order to get the .pem file, the .cer file must be signed with your private key. Only when you have the private key you are able to export the certificate (.cer) as a .pem file. If you are not the owner of the certificate, ask the owner to export it for you as a .pem. – Mungovan 2/1, 2018 at 13:22

should key.pem not be the 'private' key instead of 'public' ? – Coalition 21/3, 2023 at 7:58

@Mohit, You can convert your cer to pem using command below.

openssl x509 -inform der -in certificate.cer -out certificate.pem

Source

Kennethkennett answered 2/1, 2018 at 12:14 Comment(0)

HTTPS/TLS encryption is asymmetric, there are two parts to make it work, a public key and a private key.

The .cer file you get from Apple Push Notification Services (APNS) after you have uploaded the certificate signing request (CSR) is the signed public key.

The location of the private key depends on how you generated it.

If you're on a mac and using the Apple Keychain application, it has the private key. Import the .cer public key back into Keychain. Then use the Export option to get a single password protected .p12 file that will contain both the private and public keys. See links [1] and [2].

In your node.js application, the exported .p12 file and password can be used as the pfx and passphrase options to https.createServer.

For example:

var options = {
  pfx: fs.readFileSync('./exported-cert.p12'),
  passphrase: 'password-that-was-set-on-export'
};

https.createServer(options, ...);

Diacaustic answered 2/1, 2018 at 21:42 Comment(0)

This is an example using crt, you can convert a cer to crt in case it doesn't work:

var express  = require('express');
var app      = express();
var fs       = require('fs');
var https    = require('https');

var credentials = {
    ca: fs.readFileSync(__dirname+"/ssl/certificate.ca-crt", 'utf8'), //certificate concatenation or intermediate certificates
    key: fs.readFileSync(__dirname+"/ssl/mydomain.com.key", 'utf8'), //SSL key
    cert: fs.readFileSync(__dirname+"/ssl/certificate.crt", 'utf8') //the certificate
};

app.configure(function() {

    // set up your express application

});

var httpsServer = https.createServer(credentials, app);
httpsServer.listen(443);

Taken from here (in spanish): salvatorelab.es
You can also see examples of what those files (crt, ca-crt...) contain or look like.

Tecu answered 3/3, 2014 at 13:0 Comment(0)

Recommended topics

Hot tags