Chapter 16

Securing Your HTTP Server with HTTPS

WHAT’S IN THIS CHAPTER?

  • Setting up an HTTPS server
  • Making requests to an HTTPS server
  • Validating client and server certificates

HTTPS adds the security capabilities of TLS to the standard HTTP protocol. In Node, HTTPS is implemented as a separate module from HTTP. The HTTPS API is very similar to the HTTP one, with some small differences.

The https Node core module extends the core http module and uses the tls module as a transport mechanism. For instance, the https.Server pseudo-class simply inherits from the http.Server pseudo-class, overriding the way that connections are constructed inside the corresponding Agent class, which instantiates a TLS connection instead of a plain TCP one.

BUILDING A SECURE HTTP SERVER

In this section you will set up an HTTP server that talks to clients over an encrypted channel. This server can authenticate itself to clients and can also authenticate the clients that connect to it.

First you have to create the server private key and self-signed certificate like you did in the previous chapter:

$ openssl genrsa -out server_key.pem 1024
$ openssl req -new -key server_key.pem -out server_csr.pem
$ openssl x509 -req -in server_csr.pem -signkey server_key.pem \
          -out server_cert.pem

The second step prompts you with some questions – you can answer them as you like.

Setting Up the Server Options

To create a server, you can do something like this:

var fs = require('fs');
var https = require('https');
var ...
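The following is an added example, not the book's own listing: it shows how the server options described in this section map onto https.createServer(), covering both the server's own identity and the validation of client certificates. The helper names (buildServerOptions, describeClient, createSecureServer), the client_ca.pem file name and port 4433 are assumptions made for illustration.

```javascript
var fs = require('fs');
var https = require('https');

// key/cert: the server's own identity (server_key.pem / server_cert.pem).
// clientCaPems: certificates trusted to sign client certificates (assumed
// to be supplied by the caller); an empty list disables client auth.
// rejectUnverified: false lets the handshake finish so the handler decides.
function buildServerOptions(keyPem, certPem, clientCaPems, rejectUnverified) {
  var wantClientCerts = Array.isArray(clientCaPems) && clientCaPems.length > 0;
  return {
    key: keyPem,
    cert: certPem,
    ca: wantClientCerts ? clientCaPems : undefined,
    requestCert: wantClientCerts,
    rejectUnauthorized: wantClientCerts && rejectUnverified !== false
  };
}

// Summarize the verification result that the tls module leaves on the socket.
function describeClient(socket) {
  if (!socket.authorized) {
    return { ok: false, reason: String(socket.authorizationError || 'no verified client certificate') };
  }
  var subject = socket.getPeerCertificate().subject || {};
  return { ok: true, commonName: subject.CN || null };
}

function createSecureServer(options) {
  return https.createServer(options, function (req, res) {
    var client = options.requestCert ? describeClient(req.socket)
                                     : { ok: true, commonName: null };
    res.writeHead(client.ok ? 200 : 403, { 'Content-Type': 'text/plain' });
    res.end(client.ok ? 'Hello ' + (client.commonName || 'anonymous') + '\n'
                      : 'Client certificate rejected: ' + client.reason + '\n');
  });
}

// Start only when the files from the openssl step are in the working directory.
// Port 4433 and the optional client_ca.pem file name are assumptions.
if (fs.existsSync('server_key.pem') && fs.existsSync('server_cert.pem')) {
  var clientCas = fs.existsSync('client_ca.pem') ? [fs.readFileSync('client_ca.pem')] : [];
  var options = buildServerOptions(fs.readFileSync('server_key.pem'),
                                   fs.readFileSync('server_cert.pem'), clientCas, false);
  createSecureServer(options).listen(4433);
}
```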
