HTTP vs HTTPS

How does HTTP work?

What is HTTP?

The internet works through various protocols, such as HTTP and HTTPS. HTTP stands for Hypertext Transfer Protocol, and it is a protocol (a prescribed order and syntax for presenting information) used for transferring data over a network. Most information that is sent over the Internet, including website content and API calls, uses the HTTP protocol. There are two main kinds of HTTP messages: requests and responses.

What are an HTTP request and response?

HTTP requests are generated by a user's browser as the user interacts with web properties. For example, if a user clicks on a hyperlink, the browser will send a series of "HTTP GET" requests for the content that appears on that page. If someone Googles "What is HTTP?" and this article shows up in the search results, when they click on the link, their browser will create and send a series of HTTP requests in order to get the information necessary to render the page. These HTTP requests all go to either an origin server or a proxy caching server, and that server will generate an HTTP response. HTTP responses are answers to HTTP requests. In the OSI model (see What is the OSI model?), HTTP is a layer 7 protocol.

How does HTTPS work?

What is HTTPS?

Hypertext Transfer Protocol Secure (HTTPS) is basically the same as HTTP, but with one major difference: security. HTTPS is the secured version of HTTP, used for confidential and private sharing of sensitive user data. Data exchanged between a client and a server over plain HTTP can be stolen by capturing the data packets.

What is a secure connection?

A secure connection is one in which all data and communication is encrypted before transfer, so no one can read it by capturing the data packets that are being sent. When a user enters a username and password on the login page of your site, and your site loads over HTTPS, the data is encrypted by the web browser using a public key and then sent to your server.

How to move to HTTPS

  • Create a certificate signing request: Once you purchase an SSL certificate, you need to create a Certificate Signing Request (CSR) for your domain. This can be done from the dashboard or control panel of your web host.
  • Purchase the certificate: Next, you should go to the website of a certifying authority or company selling SSL certificates (e.g. ClickSSL). After you create an account on the company’s site, you need to submit your CSR to them. It will be used to generate your SSL certificate. Once generated, the certificate, along with its keys, will be issued to you.
  • Install Certificates on your web hosting account: The next step is to install the certificate on your server. You can import it yourself using the control panel provided by your web host.
  • Set up 301 redirects: The final step is to set up a permanent 301 redirect from the HTTP version of your site to the HTTPS version. This will force everyone to access your site over a secure connection.
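
The redirect step, sketched with Node's built-in http module as an added example that is not part of the original page. The canonical host, the HTTP port 3001 and the function names are assumptions; port 3002 is the HTTPS port of the demo later on this page. The target host comes from configuration rather than from the request, because the Host header and the request target are controlled by the client.

```javascript
const http = require("http");

// Assumed configuration for this example (not from the original page).
const CANONICAL_HOST = "localhost"; // the one hostname the certificate covers
const HTTPS_PORT = 3002;            // 443 in production

// Build the Location value for a plain-HTTP request target (req.url).
function httpsLocation(requestTarget) {
  const port = HTTPS_PORT === 443 ? "" : `:${HTTPS_PORT}`;
  const origin = `https://${CANONICAL_HOST}${port}`;
  try {
    // Keep only path and query. Anything in the target that names a host
    // ("//other.example/x", "http://other.example/x") is discarded.
    const u = new URL(requestTarget, "http://placeholder.invalid");
    return origin + u.pathname + u.search;
  } catch {
    return origin + "/"; // unparsable target: send the client to the home page
  }
}

// Answer every plain-HTTP request with a permanent redirect and no body.
function redirectToHttps(req, res) {
  res.writeHead(301, { Location: httpsLocation(req.url), "Content-Length": "0" });
  res.end();
}

// Call startRedirectServer(3001) next to sslServer.listen(...) to enable it.
function startRedirectServer(httpPort) {
  return http.createServer(redirectToHttps).listen(httpPort);
}
```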

What are TLS/SSL certificates?

What do SSL and TLS mean?

The core of a safe and secure internet is Transport Layer Security (TLS) certificates, also known as SSL or digital certificates.

How does it work?

TLS/SSL certificates encrypt data exchanged between your browser, the website you're visiting, and the website server, ensuring that internet connections are secure. They ensure that data is transmitted securely and without being tampered with, lost, or stolen.

Why are TLS/SSL certificates required on websites?

All major web browsers employ TLS/SSL certificates to ensure that consumers have a safer online experience. Because TLS/SSL certificates encrypt and protect sensitive information moved to and from websites, internet users are more likely to trust them. They also symbolize or authenticate the brand identity of your website. In this way, TLS/SSL certificates serve as both an identity protection and a security safeguard for enterprises exchanging confidential data over the internet.

TLS / SSL Certificates and Brand Protection?

Certificates give customers a better idea of who you are. For instance: Heba Hasan is a pseudonymous Internet user whose activities are untraceable. Do you have faith in her when it comes to your personal information?

  • Domain Validated: Domain Validated (DV) certificates offer the simplest level of identity verification, allowing even anonymous organisations to obtain a certificate. At this level, Heba Hasan, whether benevolent or malicious, can remain anonymous.
  • Organization Validated: Additional checks are performed on Organization Validated (OV) certificates to ensure identity and brand protection. At this level, Heba Hasan can no longer lurk in the shadows.
  • Extended Validation: Extended Validation (EV) certificates ensure that your identity and brand are protected to the highest level possible. With EV, brands send a message to customers that their transactions will be safe. Jane Doe has been positively identified.

How to generate and use an SSL certificate in NodeJS

Let's Create a Demo App in Express js

To create a new npm project, let's create a directory named node-ssl-server and open the node-ssl-server directory in the terminal using this command.

cd node-ssl-server

Then run this command to create a new npm project.

 npm init -y

Now let's install the dependency i.e express, to do so run this command:

 npm install express

Now let's create a start script in package.json. Just add this line inside the "scripts" object as shown below:

"scripts": {
    "start":"node index.js"
},

Now let's add an index.js file to our app and add a few lines to it as shown below:

const express = require('express')
const https = require("https") // https module to create an SSL-enabled server
const path = require("path") // path module, used later to locate the certificate files
const fs = require("fs") // file system module, used later to read the certificate files

const app = express()
const port = 3002 // port the HTTPS server listens on

app.use("/",(req,res,next)=>{
    res.send("hello from ssl secured server!!")
})

// Placeholders for now; they are filled in once the certificates are generated
const options = {
  key:'',
  cert:''
}
const sslServer = https.createServer(options,app)

sslServer.listen(port,()=>{
  console.log(`Secure Server is listening on port ${port}`)
});

Let's Generate SSL Certificates

Before we proceed further, let's create a directory to store the certificates inside our app folder.

mkdir cert

Now move to the cert directory using the cd command:

cd cert

To generate the SSL Certificate we need to follow these steps as shown below:

  • Generate a Private Key
  • Create a CSR (certificate signing request) using the private key.
  • Generate the SSL certificate from the CSR

Generate a Private Key

To generate a private key, run the command shown below:

 openssl genrsa -out key.pem

Once we run the above command, it generates the private key, saves it in the key.pem file inside the cert directory, and prints a message like this in the terminal.

Generating RSA private key, 2048 bit long modulus
...+++
.................+++
e is 65537 (0x10001)

Create a CSR (Certificate Signing Request)

Since we are our own certificate authority, we need to use a CSR to generate our certificate. To do so, run the command below.

openssl req -new -key key.pem -out csr.pem

Once we run this command, it will ask a few questions as shown below:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields, there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Generate the SSL Certificate

Now for the final step, we need to use the key.pem and csr.pem files to generate our SSL certificate.

Let's run the command below to generate it.

openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out cert.pem

Integration of the SSL Certificate in Express

Now let's use these certificates inside our app using the file system (fs) and path modules. To do so, we need to edit a few lines in our app as described below. Earlier we created a constant named options. Now we will update that part of the code by adding the paths of the generated certificates, as shown below.

Before:

  const options ={
    key:'',
    cert:'' 
  }

After:

  const options ={
    key:fs.readFileSync(path.join(__dirname,'./cert/key.pem')),
    cert:fs.readFileSync(path.join(__dirname,'./cert/cert.pem'))
  }

Now start the server from the app folder (one level above cert):

npm start

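You can check whether HTTPS is working by opening the URL below. Because the certificate is self-signed rather than issued by a trusted certificate authority, the browser will show a certificate warning for it.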

https://localhost:3002
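
A start-up check for the integration step above, as an added example that is not part of the original page: it refuses to load key.pem when other users can read it, confirms that cert.pem belongs to that key, and rejects an expired certificate (the one generated above lasts 365 days). The function name loadTlsOptions and its error messages are assumptions; crypto.X509Certificate needs Node.js 15.6 or later.

```javascript
const crypto = require("crypto");
const fs = require("fs");
const path = require("path");

// Read key.pem and cert.pem from certDir and fail fast on unsafe or
// mismatched material. Returns { options, selfSigned }.
function loadTlsOptions(certDir) {
  const keyPath = path.join(certDir, "key.pem");
  const certPath = path.join(certDir, "cert.pem");

  // POSIX permission bits: the private key must be owner-only.
  const mode = fs.statSync(keyPath).mode & 0o777;
  if (process.platform !== "win32" && (mode & 0o077) !== 0) {
    throw new Error(`key.pem mode ${mode.toString(8)} is too open; run chmod 600`);
  }

  const key = fs.readFileSync(keyPath);
  const cert = fs.readFileSync(certPath);

  let x509, privateKey;
  try {
    x509 = new crypto.X509Certificate(cert);
    privateKey = crypto.createPrivateKey(key);
  } catch (err) {
    throw new Error(`cannot parse key.pem or cert.pem: ${err.message}`);
  }

  // The certificate's public key must correspond to this private key.
  if (!x509.checkPrivateKey(privateKey)) {
    throw new Error("cert.pem does not match key.pem");
  }
  if (new Date(x509.validTo) <= new Date()) {
    throw new Error(`cert.pem expired on ${x509.validTo}`);
  }

  // Subject equal to issuer is what the openssl commands above produce.
  return { options: { key, cert }, selfSigned: x509.subject === x509.issuer };
}

// In index.js:
// const { options } = loadTlsOptions(path.join(__dirname, "cert"))
```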