Running SSL node.js server with godaddy gd_bundle.crt

nwkeeley · Apr 25, 2013 · Viewed 15.1k times

I am having trouble getting my SSL server working with the certificates from GoDaddy.

Using Express: 3.1.0

The code below works with a key/crt that was generated locally and not signed by GoDaddy (the browser complains, but if you add an exception it works).

var fs = require('fs');
var http = require('https');
var privateKey  = fs.readFileSync('/var/www/dev/ssl/server.key').toString();
var certificate = fs.readFileSync('/var/www/dev/ssl/server.crt').toString();
var credentials = {key: privateKey, cert: certificate};
var https = http.createServer(credentials, app);

With GoDaddy I am provided an extra file, gd_bundle.crt, which I believe you implement like this; however, I am getting an error:

var fs = require('fs');
var http = require('https');
var privateKey  = fs.readFileSync('/var/www/prod/ssl/mysite.key').toString();
var certificate = fs.readFileSync('/var/www/prod/ssl/mysite.com.crt').toString();
var ca = fs.readFileSync('/var/www/prod/ssl/gd_bundle.crt').toString();
var credentials = {key: privateKey, cert: certificate, ca: ca};
var https = http.createServer(credentials, app);

With this configuration I get: Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Truth be told, I am not creating the keys/certs; our devops guy does... I am not sure how I can troubleshoot whether I am implementing the GoDaddy ones incorrectly, or if there is a way to ensure he set up the key/crt files correctly...

Does anyone see anything blatantly obviously wrong?

Answer

josh3736 · Apr 25, 2013

Node requires each certificate in the CA chain to be passed separately in an array. gd_bundle.crt probably looks like this:

-----BEGIN CERTIFICATE-----
MIIE3jCCA...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEADCCA...
-----END CERTIFICATE-----

Each certificate needs to be put in its own file (i.e. gd1.crt and gd2.crt) and read separately.

var fs = require('fs');
var https = require('https');

https.createServer({
    key: fs.readFileSync('mysite.key'),
    // the option name is `cert`, not `certificate`
    cert: fs.readFileSync('mysite.crt'),
    ca: [fs.readFileSync('gd1.crt'), fs.readFileSync('gd2.crt')]
});
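
As an alternative to splitting gd_bundle.crt into separate files by hand, the bundle can be split into an array when it is loaded. This is an added example, not code from the answer above: `splitPemBundle` is a hypothetical helper, the sample bundle is constructed placeholder data rather than real certificates, and rejecting private-key blocks is an extra defensive check.

```javascript
// Matches one PEM block of any type; \1 forces BEGIN and END labels to agree.
const PEM_BLOCK =
  /-----BEGIN ([A-Z0-9 ]+)-----\r?\n([A-Za-z0-9+\/=\r\n]+?)-----END \1-----/g;

// Split a concatenated PEM bundle into one string per certificate,
// in file order, ready to be used as the `ca` array.
function splitPemBundle(bundleText) {
  const certs = [];
  for (const match of bundleText.matchAll(PEM_BLOCK)) {
    const label = match[1];
    // A CA bundle should never carry key material; fail loudly if it does.
    if (label.includes('PRIVATE KEY')) {
      throw new Error('bundle contains a ' + label + ' block');
    }
    if (label !== 'CERTIFICATE') continue; // skip other PEM types
    // Normalise CRLF so each entry is a clean standalone PEM string.
    certs.push(match[0].replace(/\r\n/g, '\n') + '\n');
  }
  if (certs.length === 0) {
    throw new Error('no CERTIFICATE blocks found in bundle');
  }
  return certs;
}

// Constructed sample: two placeholder blocks with Windows line endings.
const SAMPLE_BUNDLE = [
  '-----BEGIN CERTIFICATE-----',
  'Q09OU1RSVUNURUQtSU5URVJNRURJQVRF',
  '-----END CERTIFICATE-----',
  '-----BEGIN CERTIFICATE-----',
  'Q09OU1RSVUNURUQtUk9PVA==',
  '-----END CERTIFICATE-----',
  ''
].join('\r\n');

const sampleChain = splitPemBundle(SAMPLE_BUNDLE);
console.log('certificates in bundle:', sampleChain.length);

// With the paths from the question (requires fs and https):
//   https.createServer({
//     key:  fs.readFileSync('/var/www/prod/ssl/mysite.key'),
//     cert: fs.readFileSync('/var/www/prod/ssl/mysite.com.crt'),
//     ca:   splitPemBundle(
//             fs.readFileSync('/var/www/prod/ssl/gd_bundle.crt', 'utf8'))
//   }, app);
```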