I am having trouble getting my SSL server working with the certificates from GoDaddy
Using Express: 3.1.0
Below this works with a key/crt that was
Node requires each certificate in the CA chain to be passed separately in an array. gd_bundle.crt probably looks like this:
-----BEGIN CERTIFICATE-----
MIIE3jCCA...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEADCCA...
-----END CERTIFICATE-----
Each certificate needs to be put in its own file (i.e. gd1.crt and gd2.crt) and read separately.
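var fs = require('fs'),
    https = require('https');

https.createServer({
  key: fs.readFileSync('mysite.key'),
  // the site certificate is passed in the cert option
  cert: fs.readFileSync('mysite.crt'),
  // one array element per CA certificate from the bundle
  ca: [fs.readFileSync('gd1.crt'), fs.readFileSync('gd2.crt')]
});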
Ask GoDaddy for your SSL certificate in SHA-1 signature and break the bundle file into two files, this way...
FROM your gd_bundle.crt
-----BEGIN CERTIFICATE-----
MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx
RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH
qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldX
RQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8
-----END CERTIFICATE-----
TO gd_bundle_01.crt
-----BEGIN CERTIFICATE-----
MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx
RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH
qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV
-----END CERTIFICATE-----
AND gd_bundle_02.crt
-----BEGIN CERTIFICATE-----
56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldX
RQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8
-----END CERTIFICATE-----
Then on your server do this:
var fs = require('fs'),
    https = require('https');

var ssl = {
  key: fs.readFileSync('./ssl/server.key', 'utf8'),
  cert: fs.readFileSync('./ssl/server.crt', 'utf8'),
  ca: [fs.readFileSync('./ssl/bundle_01.crt', 'utf8'),
       fs.readFileSync('./ssl/bundle_02.crt', 'utf8')]
};

https.createServer(ssl, function(req, res) {
  //... your code here ...
}).listen(443);
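Both answers above split gd_bundle.crt into separate files by hand; the same split can be done in code when the server starts. This is an added example, not code from either answer: `splitPemBundle` and `SAMPLE_BUNDLE` are hypothetical names, and the sample bodies are constructed placeholders, not real certificates.

```javascript
'use strict';

// Matches one PEM block of any type, e.g. CERTIFICATE or RSA PRIVATE KEY.
const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/g;

// Split a concatenated PEM bundle into an array with one certificate per
// element, the shape the `ca` option is given in the answers above.
function splitPemBundle(bundleText) {
  const text = bundleText.replace(/\r\n?/g, '\n'); // normalise CRLF / CR
  const certs = [];
  let leftover = text;
  for (const m of text.matchAll(PEM_BLOCK)) {
    const [block, type, body] = m;
    if (type !== 'CERTIFICATE') {
      // A private key or CSR pasted into the bundle must not end up in `ca`.
      throw new Error('unexpected PEM block in CA bundle: ' + type);
    }
    const b64 = body.replace(/\s+/g, '');
    if (b64.length === 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
      throw new Error('certificate ' + (certs.length + 1) + ' is not valid base64');
    }
    // Re-wrap at 64 columns so every element is a clean stand-alone PEM.
    certs.push('-----BEGIN CERTIFICATE-----\n' + b64.match(/.{1,64}/g).join('\n') +
               '\n-----END CERTIFICATE-----\n');
    leftover = leftover.replace(block, '');
  }
  // A BEGIN or END marker outside every matched block means a truncated bundle.
  if (/-----(BEGIN|END) /.test(leftover)) {
    throw new Error('bundle contains an unterminated PEM block');
  }
  if (certs.length === 0) throw new Error('no certificates found in bundle');
  return certs;
}

// Constructed sample: placeholder base64 bodies, not real certificates.
const SAMPLE_BUNDLE = [
  '-----BEGIN CERTIFICATE-----', 'QUFBQUFBQUE=', '-----END CERTIFICATE-----',
  '-----BEGIN CERTIFICATE-----', 'QkJCQkJCQkI=', '-----END CERTIFICATE-----', ''
].join('\r\n');

// Usage with the file name from the answers above:
//   ca: splitPemBundle(fs.readFileSync('gd_bundle.crt', 'utf8'))
console.log(splitPemBundle(SAMPLE_BUNDLE).length + ' certificates in sample bundle');
```

Failing at start-up on a stray private key or a truncated block is deliberate: a bundle that was copied incorrectly is caught before the server starts serving an incomplete chain.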
Simpler
Why be so specific just for GoDaddy's CA bundle when you can keep the same approach for different environments? I only need two files for dev env for example but production is using GoDaddy certs and has many so what to do?
For GoDaddy, I take their bundle and append it into a single file and name the extension as PEM as well as the key file which gives a pretty standard approach for all types of certs.
Then you end up just doing this for all environments:
// config and app come from the surrounding application
var server = https.createServer({
  key: fs.readFileSync(config.sslKey),
  cert: fs.readFileSync(config.sslCert)
}, app).listen(config.sslPort);
In your GoDaddy cert.pem file you just place your certificate and your bundle files from 1 to x (top to bottom) and you're done like so:
-----BEGIN CERTIFICATE-----
site certificate goes here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CA 1 goes here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CA 2 goes here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CA X goes here
-----END CERTIFICATE-----
Not necessarily better but I prefer it. I didn't encounter on Express 3.x that I had to do the CA array route but I could be wrong for the specific version.
Recently I had a similar problem with GoDaddy's SSL certificates on one of our Node.js servers. In my case the problem was with one of our servers validating the SSL using PHP's curl functions.
It turns out I had to choose SHA-1 signature algorithm when submitting the CSR to GoDaddy. I guess it is more compatible with older systems.