Cover by Pedro Teixeira

Safari, the world’s most comprehensive technology and business learning platform.

Find the exact information you need to solve a problem on the fly, or go deeper to master the technologies and skills you need to succeed

Start Free Trial

No credit card required

O'Reilly logo

Chapter 16

Securing Your HTTP Server with HTTPS

WHAT’S IN THIS CHAPTER?

  • Setting up an HTTPS server
  • Making requests to an HTTPS server
  • Validating client and server certificates

HTTPS adds the security capabilities of TLS to the standard HTTP protocol. In Node HTTPS is implemented as a separate module from HTTP. The HTTPS API is very similar to the HTTP one, with some small differences.

The https Node core module extends the core http module and uses the tls module as a transport mechanism. For instance, the https.Server pseudo-class simply inherits from the http.Server pseudo-class, overriding the way that connections are constructed inside the corresponding Agent class, which instantiates a TLS connection instead of a plain TCP one.

BUILDING A SECURE HTTP SERVER

In this section you will set up an HTTP server that talks to clients through a secured encrypted channel. This HTTP server can provide self-authentication to clients and authenticate client identification.

First you have to create the server private key and self-signed certificate like you did in the previous chapter:

$ openssl genrsa -out server_key.pem 1024
$ openssl req -new -key server_key.pem -out server_csr.pem
$ openssl x509 -req -in server_csr.pem -signkey server_key.pem
          -out server_cert.pem

The second step prompts you with some questions – you can answer them as you like.

Setting Up the Server Options

To create a server, you can do something like this:

var fs = require('fs'); var https = require('https'); var ...

Find the exact information you need to solve a problem on the fly, or go deeper to master the technologies and skills you need to succeed

Start Free Trial

No credit card required