 

Node.js/Express.js Chain Certificate Not working

I have an SSL server in Express, which is not working on all browsers (unless the user manually trusts the website) since some browsers require the chain certificate (we have our own intermediate certificate). I've put our intermediate and chain certificate in one .crt file. The chain + intermediate certificate is in the INT_CERT_FILE variable. It does not seem to work. I am using http://www.digicert.com/help, as well as running openssl s_client -connect tasker.adnxs.net:443 -showcerts | grep "^ " to check, but it does not seem to be returning the intermediate + chain certificate.

Here's how I'm setting it up:

```javascript
var fs = require("fs");
var https = require("https");
var express = require("express");

var KEY_FILE = fs.readFileSync("path/to/key/file.key");
var CERT_FILE = fs.readFileSync("path/to/crt/file.crt");
var INT_CERT_FILE = fs.readFileSync("path/to/intermediate and chain crt.crt");

var _app_https = express();
var _server_https = null;

_server_https = https.createServer({
    key: KEY_FILE,
    cert: CERT_FILE,
    ca: INT_CERT_FILE
}, _app_https).listen(443);
```

When visiting it on Firefox, Firefox does not recognise its identity and requires it to be manually trusted. How can I fix this issue?

Thanks,

darksky asked Sep 30 '13 21:09



1 Answer

Does your intermediate certificate file contain multiple certificate blocks?

If that's the case you should split them into different files and read them one by one. You can pass them as an array to the ca parameter.

I've got it working with the code below:

```javascript
var https = require('https'),
    read = require('fs').readFileSync,
    httpsOptions = {
        key: read('ssl/mycertificate.key', 'utf8'),
        cert: read('ssl/mycertificate.crt', 'utf8'),
        ca: [
            read('ssl/rapidssl_1.pem', 'utf8'),
            read('ssl/rapidssl_2.pem', 'utf8')
        ]
    };

https.createServer(httpsOptions, function (req, res) {
    // ...
});
```
Jeroen Moors answered Oct 02 '22 10:10
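
An added example, not part of the original question or answer: rather than splitting the bundle into separate files by hand, the concatenated PEM blocks can be split in memory and passed to `ca` as an array, which is the shape the answer describes. The function names, the `paths` object and the sample bundle are assumptions made for illustration; the sample blocks are constructed placeholders, not real certificates.

```javascript
// Added example, not code from the question or the answer.
const fs = require("fs");
const https = require("https");

// Matches one PEM certificate block; anything between blocks is ignored.
const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Constructed sample: two placeholder blocks (not real certificates), with
// CRLF line endings and the "subject=" text that often sits between blocks.
const SAMPLE_BUNDLE = [
  "subject=/CN=Example Intermediate CA",
  "-----BEGIN CERTIFICATE-----\r\nQUFBQQ==\r\n-----END CERTIFICATE-----",
  "subject=/CN=Example Root CA",
  "-----BEGIN CERTIFICATE-----\nQkJCQg==\n-----END CERTIFICATE-----",
  ""
].join("\n");

// Split a bundle of concatenated PEM certificates into one string per block.
function splitPemBundle(bundleText) {
  const blocks = String(bundleText).match(PEM_CERT) || [];
  if (blocks.length === 0) {
    throw new Error("no PEM certificate blocks found in bundle");
  }
  const normalized = blocks.map((b) => b.replace(/\r\n/g, "\n").trim() + "\n");
  return [...new Set(normalized)]; // drop exact duplicates, keep order
}

// Build the options object in the shape the answer uses: `ca` as an array.
function buildHttpsOptions(keyPem, certPem, bundlePem) {
  return { key: keyPem, cert: certPem, ca: splitPemBundle(bundlePem) };
}

// Hypothetical wiring; the paths are placeholders for your own files.
function startServer(app, paths) {
  const options = buildHttpsOptions(
    fs.readFileSync(paths.key, "utf8"),
    fs.readFileSync(paths.cert, "utf8"),
    fs.readFileSync(paths.bundle, "utf8")
  );
  return https.createServer(options, app).listen(443);
}
```

After restarting the server, the `openssl s_client -connect ... -showcerts` check from the question can be re-run to see which certificates are now being sent.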