I am trying to use HTTPS on my Node.js app, just as it is already enabled for anything else. I have the keys and certificates already installed, but I get an Error: EACCES, permission denied when I tried to point to them on the app.
Both the key and the certificate are in subfolders of /etc/pki/tls, and I attempted pointing to them like this:
    var fs = require('fs');

    // Read the private key and certificate from the system TLS directories.
    var privateKey = fs.readFileSync('/etc/pki/tls/private/serverKey.key').toString(),
        certificate = fs.readFileSync('/etc/pki/tls/certs/2_mikewarren.me.crt').toString();
    var options = {
        key: privateKey,
        cert: certificate
    };
Do I need to adjust the permissions of the keys and certificates (via chown)? If so, is it safe to do?
Expand Certificates (Local Computer) > Personal > Certificates. Right-click the certificate, and select All Tasks > Manage Private Keys. Add the NETWORK SERVICE user to the list of groups and user names. Select the NETWORK SERVICE user and grant it Full Control rights.
A private key is created by you — the certificate owner — when you request your certificate with a Certificate Signing Request (CSR).
In the Certificate window that appears, you should see a note with a key symbol underneath the Valid from field that says, "You have a private key that corresponds to this certificate." If you do not see this, then your private key is not attached to this certificate, indicating a certificate installation issue.
I got my code access.
What I did
certAccess
certAccess
by saying sudo useradd ec2-user -G certAccess
certAccess
sudo chown ec2-user.certAccess /etc/pki/tls/private/serverKey.key
Testing...
To test, I simply printed options to the console, right after using it. Indeed, I saw the contents of the private key and certificate (try it yourself). I also restarted the httpd server and requested static files. I saw them, protected with TLS, without fault.
The problem is that these certificates are only readable by root (and maybe another user).
You could use chmod to give read access to all users, but that means… that all users would have access to it. So, bad idea.
Another solution would be to chown these files to the user running node.js, but if there is already a user with an application using these, it will break it. In that case, create a new group that owns the file, give read permissions to that group, and add the users that should access the files in that group.