
node.js can i use multiple ssl certificates and keys for same project and how?

I have my PayPal SSL certificate for the PayPal IPN added to my code like this, and it is working without any problems:

var fs = require('fs');
var https = require('https');
// app is the request handler (e.g. an Express application) defined elsewhere

var httpsOptions = {
    key: fs.readFileSync('./app/certsandkeys/my-prvkey.pem'),
    cert: fs.readFileSync('./app/certsandkeys/my-pubcert.pem'),
    requestCert: true   // ask connecting clients for a certificate (mutual TLS)
    //pfx: fs.readFileSync('./app/certsandkeys/ssl/crt.pfx'),
    //passphrase:"password"
};

// the listen callback receives no arguments
https.createServer(httpsOptions, app).listen(443, function () {
    console.log("server listening on port " + 443);
});

But what I need now is to certify my whole site, so I created an SSL cert and key using openssl (server.crt, server.csr and server.key), but now I don't know how to add it beside the PayPal IPN cert and key in httpsOptions.

The only thing I found about something like that is this code from a GitHub issue:

var https = require('https');
// key1, cert1, key2, cert2 and caCert are PEM buffers (e.g. from fs.readFileSync)
var options = {
    key: [key1, key2],
    cert: [cert1, cert2],
    ca: caCert
};
var server = https.createServer(options);

So what's the right way of doing that?

shar asked Dec 31 '22 17:12


1 Answer

Using different keys on the same server is handled by Server Name Indication (SNI) and requires different domain names for the different servers. This question shows how SNI would be used to create a different security context for the second domain name.

Changing that code for a key in the default context should look something like this:

const tls = require('tls');
// key1, cert1, key2, cert2 are PEM buffers read beforehand (e.g. with fs.readFileSync)

// separate security context served only for the second domain name
const secondContext = tls.createSecureContext({
    key: [key2],
    cert: [cert2]
});

const options = {
    key: [key1],
    cert: [cert1],
    // called once per handshake with the SNI servername the client sent
    SNICallback: function (domain, cb) {
      if (domain === 'key2domain.example.com') {
         cb(null, secondContext);
      } else {
         cb();   // no context: fall back to the default key1/cert1
      }
    }
};

It's not clear from the PayPal docs you refer to whether PayPal is having you set up an alternate domain for this IPN service URL. Instead, it looks like their process accepts a CSR to handle self-signed certs for IPN-only use and offers a paid signing of it to use it for user-visible buttons, i.e. they offer their own CA service?

You can submit multiple CSRs on the same key, so you could try relying on a single private key and keep a certificate chain from a normal CA. But if they enforce usage of their own certificate chain, then you will probably need to create a separate (sub)domain for this usage to provide different chains with SNI.

lossleader answered Jan 05 '23 15:01