Using certificates.cer with NodeJs HTTPS

Question

I have generated a .cer file for IOS push notifications and I would ike to use it with NodeJS HTTPS module.

The only examples I found for HTTPS module work with .pem and .sfx files, not .cer :

var options = {
  key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
  cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};

or 

var options = {
  pfx: fs.readFileSync('server.pfx')
}

https.createServer(options, function (req, res) {
  res.writeHead(200);
  res.end("hello world\n");
}).listen(8000);

Any solution ?

did you ever solve this properly? i am stuck at the same place at the moment — choli, Jun 07 '17 at 14:45
How did you solve this issue please tell us i am stuck on same place...thanks — Dexter, Dec 27 '17 at 06:17
@MohitJain did my answer work for you? If not, how did you generate your CSR? (https://stackoverflow.com/a/48068233/241294) — poida, Jan 03 '18 at 10:12

Itai Steinherz · Answer 1 · 2017-12-30T19:17:09.177

A .cer file can be encoded using two different formats: PEM and DER.

If your file is encoded using the PEM format, you could just use it like any other .pem file (more info on that can be found in the Node.js documentation):

const https = require("https");

const options = {
    key: fs.readFileSync("key.pem", "utf8"),
    cert: fs.readFileSync("cert.cer", "utf8")
};

https.createServer(options, (req, res) => {
    res.writeHead(200);
    res.end("Hello world");
}).listen(8000);

If your file's encoded using the DER format, you first need convert it to a .pem file using OpenSSL (the command was taken from here):

openssl x509 -inform der -in cert.cer -out cert.pem

and then can use the above code with the cert filename being cert.pem instead of cert.cer:

const https = require("https");

const options = {
    key: fs.readFileSync("key.pem", "utf8"),
    cert: fs.readFileSync("cert.pem", "utf8")
};

https.createServer(options, (req, res) => {
    res.writeHead(200);
    res.end("Hello world");
}).listen(8000);

In case you have the the key of the certificate authority that matches your cert.cer file, you can include it in the options argument of https.createServer as following (the code example assumes the file is name ca.pem and that it is encoded using the PEM format):

const https = require("https");

const options = {
    ca: fs.readFileSync("ca.pem", "utf8"),
    key: fs.readFileSync("key.pem", "utf8"),
    cert: fs.readFileSync("cert.pem", "utf8")
};

https.createServer(options, (req, res) => {
    res.writeHead(200);
    res.end("Hello world");
}).listen(8000);

For more information about https.createServer and its arguments, check out the documentation.

Note: all of the options above assume that you also have a public key encoded in the PEM format named key.pem and that the .cer file is named cert.cer. If you don't have a public key, please comment or add it to the question itself and I will update my answer accordingly.

If you're unsure which format your file's encoded in, you could try both options see which one works out for you.

In order to get the .pem file, the .cer file must be signed with your private key. Only when you have the private key you are able to export the certificate (.cer) as a .pem file. If you are not the owner of the certificate, ask the owner to export it for you as a .pem. — Dog, Jan 02 '18 at 13:22

poida · Answer 2 · 2018-01-03T10:09:07.567

HTTPS/TLS encryption is asymmetric, there are two parts to make it work, a public key and a private key.

The .cer file you get from Apple Push Notification Services (APNS) after you have uploaded the certificate signing request (CSR) is the signed public key.

The location of the private key depends on how you generated it.

If you're on a mac and using the Apple Keychain application, it has the private key. Import the .cer public key back into Keychain. Then use the Export option to get a single password protected .p12 file that will contain both the private and public keys. See links [1] and [2].

In your node.js application, the exported .p12 file and password can be used as the pfx and passphrase options to https.createServer.

For example:

var options = {
  pfx: fs.readFileSync('./exported-cert.p12'),
  passphrase: 'password-that-was-set-on-export'
};

https.createServer(options, ...);

score 2 · Answer 3 · answered Mar 03 '14 at 13:00

This is an example using crt, you can convert a cer to crt in case it doesn't work:

var express  = require('express');
var app      = express();
var fs       = require('fs');
var https    = require('https');

var credentials = {
    ca: fs.readFileSync(__dirname+"/ssl/certificate.ca-crt", 'utf8'), //certificate concatenation or intermediate certificates
    key: fs.readFileSync(__dirname+"/ssl/mydomain.com.key", 'utf8'), //SSL key
    cert: fs.readFileSync(__dirname+"/ssl/certificate.crt", 'utf8') //the certificate
};

app.configure(function() {

    // set up your express application

});

var httpsServer = https.createServer(credentials, app);
httpsServer.listen(443);

Taken from here (in spanish): salvatorelab.es
You can also see examples of what those files (crt, ca-crt...) contain or look like.

score 2 · Answer 4 · answered Jan 02 '18 at 12:14

2

@Mohit, You can convert your cer to pem using command below.

openssl x509 -inform der -in certificate.cer -out certificate.pem

Source

answered Jan 02 '18 at 12:14

Tsimtsum

931
9
27

Using certificates.cer with NodeJs HTTPS

4 Answers4

Linked