Is it Possible to Dynamically Return an SSL Certificate in NodeJS?

by

Yes, it is possible to do it with one server. But the caveat is that it works on clients that support SNI – which is most modern browsers.

This is how you do it:


    //function to pick out the key + certs dynamically based on the domain name
    function getSecureContext (domain) {
        return crypto.createCredentials({
            key:  fs.readFileSync('/path/to/domain.key'),
            cert: fs.readFileSync('/path/to/domain.crt'),
            ca: [
                fs.readFileSync('/path/to/CA_cert_1.crt'), 
                fs.readFileSync('/path/to/CA_cert_2.crt'), 
                // <include all CA certs that you have to> ... 
            ]
          }).context;
    }

    //read them into memory
    var secureContext = {
        'domain1': getSecureContext('domain1'),
        'domain2': getSecureContext('domain2'),
        // etc
    }

    //provide a SNICallback when you create the options for the https server
    var options = {
        SNICallback: function (domain) {
            return secureContext[domain];
        }, // SNICallback is passed the domain name, see NodeJS docs on TLS
        cert: fs.readFileSync('/path/to/server.crt'),
        key: fs.readFileSync('/path/to/server.key'),                
        }
    }

    //create your https server
    var server = require('https').createServer(options, [requestListener]);
    //using Express
    var server = require('https').createServer(options, require('express')());
    server.listen(<someport>);

This works because the options for https is similar to tls.createServer(). Make sure you include all required CA intermediate and root certificates in the crypto.createCredentials call. Also if you have a CA bundle, split them up into multiple single crt files before using them as ‘ca’ accepts an array of certificates.

More Related Contents:

  1. Ignore invalid self-signed ssl certificate in node.js with https.request?
  2. Error: unable to verify the first certificate in nodejs
  3. How to configure axios to use SSL certificate?
  4. create a trusted self-signed SSL cert for localhost (for use with Express/Node)
  5. receiving error: ‘Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN’ while using npm
  6. How do I setup a SSL certificate for an express.js server?
  7. Assigning a domain name to localhost for development environment
  8. Using Node.js as a simple web server
  9. Stop Mongoose from creating _id property for sub-document array items
  10. Execute Powershell script from Node.js
  11. Order of router precedence in express.js
  12. When is the thread pool used?
  13. How to change bower’s default components folder?
  14. How to modify the nodejs request default timeout time?
  15. node.js itself or nginx frontend for serving static files?
  16. How to consume npm modules from typescript?
  17. Firebase deploy errors starting with non-zero exit code (space in project path)
  18. What is non-blocking or asynchronous I/O in Node.js?
  19. Global Node modules not installing correctly. Command not found
  20. TypeScript tsconfig settings for Node.js 12?
  21. What is best way to handle global connection of Mongodb in NodeJs
  22. Is there any way to fix package-lock.json lockfileVersion so npm uses a specific format?
  23. Module request how to properly retrieve accented characters? � � �
  24. How to include external .js file to ejs Node template page
  25. socket.io force a disconnect over XHR-polling
  26. How to organise file structure of backend and frontend in MERN
  27. fs.createWriteStream does not immediately create file?
  28. nodeJS – How to create and read session with express
  29. What’s the difference between dependencies, devDependencies, and peerDependencies in NPM package.json file?
  30. How to limit upload file size in express.js

Leave a Comment