Chapter 16

Securing Your HTTP Server with HTTPS


  • Setting up an HTTPS server
  • Making requests to an HTTPS server
  • Validating client and server certificates

HTTPS adds the security capabilities of TLS to the standard HTTP protocol. In Node, HTTPS is implemented as a separate module from HTTP. The HTTPS API is very similar to the HTTP one, with some small differences.

The https Node core module extends the core http module and uses the tls module as a transport mechanism. For instance, the https.Server pseudo-class simply inherits from the http.Server pseudo-class, overriding the way that connections are constructed inside the corresponding Agent class, which instantiates a TLS connection instead of a plain TCP one.


In this section you will set up an HTTP server that talks to clients through a secure, encrypted channel. This server can authenticate itself to clients and can also authenticate the clients that connect to it.

First you have to create the server private key and self-signed certificate like you did in the previous chapter:

$ openssl genrsa -out server_key.pem 1024
$ openssl req -new -key server_key.pem -out server_csr.pem
$ openssl x509 -req -in server_csr.pem -signkey server_key.pem \
          -out server_cert.pem

The second step prompts you with some questions – you can answer them as you like.

Setting Up the Server Options

To create a server, you can do something like this:

var fs = require('fs');
var https = require('https');
var ...
