SSL certificate issue

Joseph Jean pierre
I have a file from a CA (certificate authority), a .crt file with multiple BEGIN CERTIFICATE and END CERTIFICATE snippets inside. I have a Node.js program to make my site HTTPS.
This program takes "sslKey": "private-key.pem", "sslCertificate": "lws-cert.pem". Now I assume I have the .crt file, which can be renamed as lws-cert.pem and used in the program, and what about the private key?
Am I missing something? Is my approach correct?

Top Expert 2016

Commented:
When you create the certificate request using openssl, the private key will also be needed prior to configuring the server. The private key would have been created at the same time as the CSR file and saved in the location specified during the creation process. Once you receive the certificate, you then use openssl to import the certificate.
https://www.digicert.com/blog/where-is-your-private-key/

I have no idea where Node.js comes into play here, as it is a function of the web server to serve the pages either as http or https.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
1) Your .crt file is only used to generate other files.

Some systems, like LetsEncrypt, auto-generate .crt files + you never even see them... unless you look deep...

2) You'll normally use 2x files.

fullchain.pem - contains your cert + all intermediary certs for a full issuance chain.

privkey.pem - private key

3) NodeJS - Below is a link you can use to set up NodeJS using LetsEncrypt. Just substitute in your files.

Note: If you use a private CA, then every visitor will have to say whether they trust your site or not, so only use a CA for toy/hobby projects. Use LetsEncrypt (free + real certs) for real/money projects.

https://advancedweb.hu/2018/07/24/letsencrypt-node/
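
As an added example (not part of any post in this thread, and not code from the linked article): a Node.js preflight check for the situation in the question, a CA-issued .crt bundle with several CERTIFICATE blocks plus a separate private key. The function names are illustrative, and it assumes Node.js 15.6 or later for `crypto.X509Certificate`.

```javascript
// Added example, not from the thread. Function names are illustrative.
const crypto = require('crypto');

const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----[\s\S]*?-----END \1-----/g;

// Split PEM text into its blocks, e.g. a CA bundle holding several certificates.
function splitPem(text) {
  return [...text.matchAll(PEM_BLOCK)].map(m => ({ label: m[1], pem: m[0] + '\n' }));
}

// Structural check of the two files; works on any PEM text, parseable or not.
function inspectFiles(certText, keyText) {
  const isKey = b => b.label.endsWith('PRIVATE KEY'); // PKCS#8, RSA, EC, ENCRYPTED
  const isCert = b => b.label === 'CERTIFICATE';
  const certBlocks = splitPem(certText);
  const keyBlocks = splitPem(keyText);
  const problems = [];
  if (!certBlocks.some(isCert)) problems.push('certificate file has no CERTIFICATE block');
  if (certBlocks.some(isKey)) problems.push('certificate file also contains a private key');
  if (keyBlocks.filter(isKey).length !== 1) problems.push('key file must hold exactly one private key');
  if (keyBlocks.some(isCert)) problems.push('key file contains a certificate');
  return { certCount: certBlocks.filter(isCert).length, problems };
}

// Pick the certificate that belongs to the private key (the leaf), then append each
// issuer found in the bundle: leaf first, intermediates after, as in a fullchain.pem.
// checkIssued() matches issuer to subject; it is not full chain validation.
function buildFullChain(certText, keyText) {
  const key = crypto.createPrivateKey(keyText);
  const certs = splitPem(certText).filter(b => b.label === 'CERTIFICATE')
    .map(b => new crypto.X509Certificate(b.pem));
  const leaf = certs.find(c => c.checkPrivateKey(key));
  if (!leaf) throw new Error('no certificate in the bundle matches this private key');
  const chain = [leaf];
  for (;;) {
    const last = chain[chain.length - 1];
    const issuer = certs.find(c => !chain.includes(c) && last.checkIssued(c));
    if (!issuer) break;
    chain.push(issuer);
  }
  return chain.map(c => c.toString()).join('');
}

// Usage with the question's file names (assumed to be in the working directory;
// `handler` is a hypothetical request handler):
//   const fs = require('fs'), https = require('https');
//   const cert = fs.readFileSync('lws-cert.pem', 'utf8');
//   const key = fs.readFileSync('private-key.pem', 'utf8');
//   console.log(inspectFiles(cert, key));
//   https.createServer({ key, cert: buildFullChain(cert, key) }, handler).listen(443);
```

If `buildFullChain` throws, the private key on disk is not the one generated alongside the CSR for this certificate.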
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
I don't see a clear... fully correct certbot-auto invocation in any NodeJS + LetsEncrypt articles. Here's the command template I use...

certbot-auto certonly --no-self-upgrade --non-interactive --rsa-key-size 4096 --email $email --agree-tos --webroot -w $docroot -d $domain -d www.$domain

To renew certs whenever a renewal is required will be a CRON entry similar to...

0 1 * * * (echo '#####' && date && certbot-auto renew --non-interactive --post-hook "service apache2 reload") >> /var/log/ssl-renewals.log 2>&1

Where you'll change the apache reload to however you restart NodeJS to ingest a cert update.

Note: Another perk of LetsEncrypt is setup once + forget, as renewals happen via CRON, with no human intervention.
