express js https server and client with self signed certificate
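// HTTPS client that verifies the server against the demo's private root CA.
const request = require('request');
const fs = require('fs');
const path = require('path');

// Passing `ca` replaces Node's default trust store for this request, so only
// certificates that chain to root-ca.crt are accepted. Verification stays on.
const ca = fs.readFileSync(path.join(__dirname, 'root-ca.crt'));

// NOTE(review): the server file in this gist listens on port 3005, while this
// URL targets 3443; presumably a port mapping sits in between. Confirm.
const options = {
  url: 'https://127.0.0.1:3443/', // any @alt_names will work
  agentOptions: {
    ca,
  },
};

request(options, (error, response, body) => {
  if (error) {
    // TLS verification failures (unknown issuer, host missing from
    // subjectAltName, expired certificate) arrive here. Report them instead
    // of printing `undefined`; fix the certificate or the CA file rather than
    // setting `rejectUnauthorized: false`.
    console.error(`request failed: ${error.code || error.message}`);
    process.exitCode = 1;
    return;
  }
  console.log(body);
});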
// Minimal Express app served over TLS with the service certificate issued by
// the demo root CA.
const express = require('express');
const https = require('https');
const fs = require('fs');

const app = express();

// Single route used to confirm that the TLS handshake and request succeeded.
const sendCertified = (req, res) => {
  res.send('certified');
};
app.get('/', sendCertified);

// Both paths resolve against the process working directory, not this file.
// The key is loaded without a passphrase, so restrict read access on the file.
const tlsOptions = {
  key: fs.readFileSync('./ssl/xservice.key', 'utf8'),
  cert: fs.readFileSync('./ssl/xservice.crt', 'utf8'),
};

// Bound to the loopback address, so only local clients can connect.
// NOTE(review): the client in this gist targets port 3443, not 3005. Confirm
// which port is intended.
const server = https.createServer(tlsOptions, app);
server.listen('3005', '127.0.0.1');
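#!/bin/bash
# Creates a private root CA (once) and issues a TLS certificate for one service.
# Expects v3.ext (certificate extensions, including subjectAltName) in the
# current directory; its alt_names must cover the name used for FQDN.

# Stop at the first failing step so nothing is signed from partial state.
set -euo pipefail

# Private keys are written below; new files are readable by the owner only.
# Certificates are public and may be chmod'ed afterwards if other users need them.
umask 077

#FQDN=$1
FQDN=xservice

######## ROOT CA - ONLY ONCE ############
# Re-running the script must not replace the CA key: a new key would orphan
# every certificate issued so far and every client that trusts root-ca.crt.
if [[ ! -f root-ca.key ]]; then
  # The CA key is passphrase-protected; AES-256 is used instead of 3DES.
  openssl genrsa \
    -aes256 \
    -out root-ca.key 2048
fi

if [[ ! -f root-ca.crt ]]; then
  openssl req \
    -x509 \
    -days 1024 \
    -new \
    -nodes \
    -key root-ca.key \
    -sha256 \
    -out root-ca.crt \
    -subj "/C=DE/ST=Berlin/L=Berlin/O=T GmbH/OU=NOC/CN=t.de"
fi
######## END ROOT CA - ONLY ONCE ############

######## FOR every service #################
# -nodes leaves the service key unencrypted so the server can load it without
# a passphrase; protect it with file permissions instead.
openssl req \
  -newkey rsa:2048 \
  -new \
  -nodes \
  -keyout "${FQDN}.key" \
  -out "${FQDN}.csr" \
  -subj "/C=DE/ST=Berlin/L=Berlin/O=T GmbH/OU=Team X/CN=${FQDN}"

# Sign the CSR with the root CA (prompts for the CA key passphrase) and apply
# the extensions from v3.ext.
openssl x509 \
  -req \
  -days 730 \
  -in "${FQDN}.csr" \
  -CA root-ca.crt \
  -CAkey root-ca.key \
  -out "${FQDN}.crt" \
  -CAcreateserial \
  -sha256 \
  -extfile v3.ext
######## END FOR every service #################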
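# X.509 v3 extensions applied when the root CA signs a service certificate
# (passed to `openssl x509 -extfile v3.ext`).
authorityKeyIdentifier=keyid,issuer
# Leaf certificate: it must not be usable to sign other certificates.
basicConstraints=CA:FALSE
# Limited to what a TLS server with an RSA key needs.
keyUsage = digitalSignature, keyEncipherment
# Restrict the certificate to TLS server authentication; add clientAuth only
# if the same certificate is also presented as a client in mutual TLS.
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
# Clients match the host in the URL against these entries; every name or IP
# used to reach the service must be listed here.
DNS.1 = localhost
DNS.2 = xservice
DNS.3 = xservice.green.svc.cluster.local
IP.1 = 127.0.0.1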
thank you. You saved me having to dig out my old macbook to find a similar script I wrote years ago :)