0

I have this in Node.js:

const http2 = require('http2')
const fs = require('fs')

let server

start({
  port: process.env.PORT || 3000,
  private: fs.readFileSync('/Users/me/certs/localhost.key').toString(),
  public: fs.readFileSync('/Users/me/certs/localhost.crt').toString()
})

async function start(opts) {
  server = await createServer(opts)
}

async function createServer({ port, private, public, password }) {
  return new Promise((res, rej) => {
    let server = http2.createSecureServer({
      key: private,
      cert: public,
      passphrase: password,
      allowHTTP1: true,
      secureProtocol: 'TLSv1_2_method'
    }, handleServerRequest)

    server.listen(port, fault => {
      if (fault) {
        rej(fault)
      } else {
        res()
      }
    })
  })
}


async function handleServerRequest(req, res) {
  console.log('here')
}

I generated my certs (and I think added it to the trust store on my computer) like this:

mkdir ~/certs
cd ~/certs
openssl req -x509 -sha256 -nodes \
  -subj '/CN=localhost' \
  -newkey rsa:2048 -days 365 \
  -keyout localhost.key -out localhost.crt
open localhost.crt # add it to something? login?
sudo security add-trusted-cert \
  -p ssl -d -r trustRoot \
  -k ~/Library/Keychains/login.keychain localhost.crt

However, upon running the Node.js server and visiting https://localhost:3000, I get this:

enter image description here

What am I doing wrong? How do I fix it?

Lance
  • 365
  • 2
  • 10
  • 3
    Most browsers will no longer trust self-signed certificates. for chrome see here: https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate for firefox see here: https://superuser.com/questions/1303396/how-to-fix-firefox-59-no-longer-accepting-my-self-signed-ssl-certificate-on-dev – Frank Thomas Jul 25 '20 at 04:53
  • How do you get HTTPS on localhost then? – Lance Jul 25 '20 at 05:01
  • well, you won;t be able to get one for localhost, but you can probably get one for your DNS domain if you implement one. see here for where to get a free certificate: https://letsencrypt.org/ – Frank Thomas Jul 25 '20 at 07:42
  • 3
    Another idea is to import your certificate (or a signer cert if you create your own little CA) into the browser's cert store. Then it will accept the cert from localhost. – fratester Jul 25 '20 at 14:19
  • @fratester mind outlining how to do that in an answer? – Lance Jul 25 '20 at 19:06

0 Answers0