Securing Your HTTP Server with HTTPS
WHAT’S IN THIS CHAPTER?
- Setting up an HTTPS server
- Making requests to an HTTPS server
- Validating client and server certificates
HTTPS adds the security capabilities of TLS to the standard HTTP protocol. In Node HTTPS is implemented as a separate module from HTTP. The HTTPS API is very similar to the HTTP one, with some small differences.
The https Node core module extends the core http module and uses the tls module as a transport mechanism. For instance, the https.Server pseudo-class simply inherits from the http.Server pseudo-class, overriding the way that connections are constructed inside the corresponding Agent class, which instantiates a TLS connection instead of a plain TCP one.
BUILDING A SECURE HTTP SERVER
In this section you will set up an HTTP server that talks to clients through a secured encrypted channel. This HTTP server can provide self-authentication to clients and authenticate client identification.
First you have to create the server private key and self-signed certificate like you did in the previous chapter:
$ openssl genrsa -out server_key.pem 1024 $ openssl req -new -key server_key.pem -out server_csr.pem $ openssl x509 -req -in server_csr.pem -signkey server_key.pem -out server_cert.pem
The second step prompts you with some questions – you can answer them as you like.
Setting Up the Server Options
To create a server, you can do something like this:
var fs = require('fs'); var https = require('https'); var ...