To replicate your production application its helpful when developing a local NodeJS Express application is running under SSL.
There are some web technologies which do not play nicely with standard http and its likely to become more common e.g. Web Push Notifications.
This lesson will show you how to create a local SSL certificate for localhost and then convert it into a format that will work with Express. It will also show you how to make sure that Chrome will trust it.
This lesson is for Windows as it uses a powershell command, as well as the Microsoft Management Console (MMC)
Instructor: [00:00] We want to create a local SSL certificate for local host. We want it to be trusting Chrome and we want it to work with our Node Express applications. First thing we're going to do is fire up PowerShell in Visual Studio Code in this case. We've got this for Windows only. I enter the PowerShell command.
[00:16] The certificate has now been created and stored in my local certificate store. Let's have a look at it. The next thing we want to do is fire up the Microsoft Management Console, MMC, via the command prompt. Once you have it open we need to add a new snap in, so we'll go to add new snap in.
[00:39] We will select certificates. Make sure you select computer account. Local computer is the default. We'll leave it at that. Do finish, OK. Then we'll expand the certificates. Look into personal. Here we can see we've got local hosts. Then we'll click to open the actual certificate up. It gives you information about the certificate itself.
[01:04] What we want to do is for Node we need to actually separate out or change the format from what is a PBX file into a separate certificate and key. First thing we do is copy to file. This is going to bring up the certificate export wizard.
[01:21] We'll say next. We do want the key. Say next. Leave this ticked as default. Because it's got a key inside, we need to give it a password. Just give it a password you can remember. Hit next and you've got to decide where you want to save it to. I'll browse to where my project is going to be in here.
[01:44] This is a PFX file. We will call it in this case egghead. Next finish and the file is exported. Let's go back to our Node server. I've got my project open with the Node file and the PFX file inside. What I need to do now is use open SSL to split the file out into a private key and certificate.
[02:11] First one we'll do is the key. The command is open SSL. Pass it the name of your PFX file. Give it a name with the key. Now into the password you set previously. Now we'll deal the certificate. It's a similar command. Again, enter the password.
[02:35] Now we can go ahead and set up our Node Express server page to use as a cell. We have a standard Express application. What we're going to do now is enhance it to use SSL and our local SSL certificate. First thing we're going to do is include the HTTPS package. We're also going to need the FS package as we're going to be looking at files.
[02:58] We're going to set up some SSL options. It's going to be an object. It's going to need the key. We'll read this in from the file system. We need the public certificate. What we're going to do, we're going to change this HTTP listen method to using the SSL package, passing in the HTTPS options.
[03:25] Our server should start up fine now. Let's just run it. It started up OK. I have a public folder here and we'll just have a look at the index file and see what it looks like from a local host. We open our browser to https://localhost:8765 in Chrome and we hit this, "Your connection is not private." Chrome actually isn't trusting our certificate at the moment.
[03:46] Let's fix that. What we need to do is fire up the MMC console again, add in our certificate snap in, go into personal certificates, right click on our local host, copy it, go to trusted roots certificate authorities certificates and paste it in there. That gets added.
[04:06] Now if we relaunch Chrome it should be trusted. If I reopen the browser, put in my host file, the HTTPS, and this time Chrome loads it fine. You can see we've got a nice secure connection.