 

How to configure node.js running on Windows to use multiple SSL certificates with multiple domain names?

I've read through this question and answer: "Is it Possible to Dynamically Return an SSL Certificate in NodeJS?"... but it uses .key and .crt files for the domains and the server.

On a Windows 2008 R2 machine, I can't find the domain1.key, server.key and server.crt files. Instead I've created a domain1.pfx file by exporting the SSL certificate from IIS.

I am able to successfully run an https node.js server using this one PFX file with one domain like this:

var fs = require('fs');
var https = require('https');
var crypto = require('crypto');

// Build a SecureContext from one PFX file. crypto.createCredentials() is the
// pre-0.12 API; later Node versions deprecate it in favour of
// tls.createSecureContext(), which takes the same pfx/passphrase options.
function getSecureContext(domain) {
    return crypto.createCredentials({
        pfx:        fs.readFileSync('/path/to/' + domain + '.pfx'),
        passphrase: 'passphrase'
    }).context;
}
var secureContext = {
    'domain1': getSecureContext('domain1')
};
var options = {
    // Called with the name the client sent in the TLS SNI extension; hands
    // back the matching context, or an empty object when the name is unknown.
    SNICallback: function (domain) {
       return (secureContext.hasOwnProperty(domain) ? secureContext[domain] : {});
    },
    // default server certificate; object properties are separated by a comma,
    // a semicolon here is a syntax error
    pfx: fs.readFileSync('/path/to/domain1.pfx')
};
// Minimal request handler so the snippet runs; its definition was omitted above.
function requestListener(req, res) {
    res.writeHead(200, {'Content-Type': 'text/plain'});
    res.end('ok');
}
var server = https.createServer(
    options,
    requestListener).listen(443);

However what if I have a multiple domain certificate plus another certificate for a single domain, how would the SNICallback and the getSecureContext functions be configured to have each domain name use the correct certificate?

I think the server certificate should be the same for both PFX files since they are on the same server so I'm using only the first PFX file (for domain1) as the server certificate.

I've tried changing the secureContext object like this:

var secureContext = {
    'domain1': getSecureContext('domain1'),
    'domain2': getSecureContext('domain2'),
    .
    .
}

This gives me the error "listen EACCES".

In my specific situation I have two SSL certificates. One is an extended validation certificate for one domain name, and the second is a multiple domain certificate supporting five domain names.

I've found it very difficult to debug the EACCES error. There doesn't seem to be more detail as to what is causing the EACCES. Is my configuration wrong, is there a problem with the certificates? I do know that these certificates work correctly when I use them in IIS running an IIS server (instead of a node.js server) on the same Windows 2008 R2 server.

I would like to stay with a pure windows and node.js configuration. (Not nginx, iisnode or any other libraries if possible).

ciso asked Oct 19 '22 19:10

1 Answer

Solved it. The EACCES error was due to my not listing all the sites that need to use the two certificates. Since I was testing, I was only working with two site names, but the multi-domain certificate includes some other sites. Each site needs to be listed as below. Otherwise one or more of the sites will not have a certificate associated with it, causing the EACCES error.

var secureContext = {
    'domain1': getSecureContext('domain1'),  // EV certificate, single name
    'domain2': getSecureContext('domain2'),  // multi-domain certificate: one PFX,
    'domain3': getSecureContext('domain2'),  // listed once per name it covers
    'domain4': getSecureContext('domain2')
};
ciso answered Oct 22 '22 13:10