Friday, 16 June 2017

Node.JS - Unknown SSL protocol error

So I've been tinkering with HTTPS servers in Node.JS, and was following this thread: -


which has one create a public/private key pair, and then generate a self-signed certificate.

Having done this, I created a simple server: -

server.js 

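// Note: the variable is named http, but it holds the https module
var http = require('https');
var fs = require('fs');

// Private key and self-signed certificate generated earlier with openssl
var options = {
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem')
};

// Answer every request with a fixed HTML fragment
var server = http.createServer(options, function(req, res) {
    res.writeHead(200);
    res.write('<p>Hello world!</p>');
    res.end();
});

var port = 10001;
server.listen(port, function() {
    console.log('server listening on port ' + port);
});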

which I then started: -

node server.js 

server listening on port 10001

However, when I tried to connect to it: -

I got this: -

curl: (35) Unknown SSL protocol error in connection to localhost:-9838

and this: -


from Firefox, and this from Chrome: -


Thankfully, Google came to my aid - AGAIN !!

This post: -


suggested that the problem might be that the key length, of the private key, is wrong.

I checked: -

openssl rsa -in key.pem -text -noout

which reported: -

...
Private-Key: (512 bit)
...

I validated this by checking the certificate: -

openssl x509 -in cert.pem -text -noout

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            89:66:62:89:72:dd:66:ff
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=GB, ST=Hampshire, L=Winchester, O=IBM, OU=Cloud, CN=Dave Hay/emailAddress=david_hay@uk.ibm.com
        Validity
            Not Before: Jun 16 15:14:36 2017 GMT
            Not After : Oct 31 15:14:36 2044 GMT
        Subject: C=GB, ST=Hampshire, L=Winchester, O=IBM, OU=Cloud, CN=Dave Hay/emailAddress=david_hay@uk.ibm.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:d3:fc:99:16:f7:a0:2a:e5:a5:53:09:55:7e:5f:
                    63:f3:d6:98:92:39:56:7c:71:fb:ca:5f:75:af:c4:
                    1f:78:d8:a3:23:1a:ca:e2:d5:f1:a6:43:61:2b:51:
                    e8:39:f5:43:77:4a:59:ae:8c:f5:22:a3:82:51:52:
                    45:12:c2:bf:95
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
        c9:76:2b:eb:c6:39:ad:ce:3d:0c:cb:8d:28:26:95:82:68:c4:
        cb:e6:06:fa:62:62:b8:ea:8d:13:47:7f:92:c4:0c:e6:d1:97:
        1c:ec:f1:01:e5:63:be:e5:f4:f4:cd:09:76:3f:55:75:72:2a:
        d2:c3:58:2a:c6:1f:64:50:ae:60


I regenerated the key pair: -

openssl genrsa -out key.pem 2048

and then regenerated the certificate: -

openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
rm csr.pem


and validated the key: -

openssl rsa -in key.pem -text -noout

Private-Key: (2048 bit)
...

and the certificate: -

openssl x509 -in cert.pem -text -noout

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            aa:3b:0b:19:b8:7c:e5:42
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=GB, ST=Hampshire, L=Winchester, O=IBM, OU=Cloud, CN=Dave Hay/emailAddress=david_hay@uk.ibm.com
        Validity
            Not Before: Jun 16 15:28:55 2017 GMT
            Not After : Oct 31 15:28:55 2044 GMT
        Subject: C=GB, ST=Hampshire, L=Winchester, O=IBM, OU=Cloud, CN=Dave Hay/emailAddress=david_hay@uk.ibm.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):

...

I then restarted my server

node server.js

and tested: -


<p>Hello world!</p>

and now Chrome is happy: -


and Firefox is happy: -


Obviously both browsers mark me down for using a self-signed certificate, but I can live with that.

I've since turned my Node.JS server into a Node module, and deployed it to WebSphere Liberty Profile and the IBM Node.JS runtime, as part of an IBM API Connect test ...
