How Do You Create a Certificate Signing Request (CSR) File and Set up an HTTPS Server for Basic Testing?

Problem scenarios
This is a two-in-one posting.  The same solution works for two different problem scenarios.

Problem scenario A
You want to create a certificate signing request file (a csr.pem) to learn more about it. You also want to try HTTPS as a test. How do you do these things?

Problem scenario B
You want to implement a solution with TLS. You want to try a working example to see what it is like in practice, beyond theory and reading about it. You find many articles on the internet to be outdated. How do you use TLS?

Solution
1.  Install Node.js on a Linux server. You need a Linux server with at least 1 GB of RAM that is not blocking port 8000. Use these directions to install Node. You do not need a web server (like Apache web server or Nginx) to be installed.

2.  Go to any given directory on the Linux server.  Run these four commands and respond to their prompts as you see fit*:

sudo openssl genrsa -out key.pem
sudo openssl req -new -key key.pem -out csr.pem
sudo openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
sudo rm csr.pem

3.  In the same directory create a new file named test.js with the following content:

var https = require('https');
var fs = require('fs');

var options = {
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem')
};

var a = https.createServer(options, function (req, res) {
  res.writeHead(200);
  res.end("hello world\n");
}).listen(8000);

// Code taken from https://docs.nodejitsu.com/articles/HTTP/servers/how-to-create-a-HTTPS-server/

4.  Run this command "node test.js"

5.  Open a second terminal to your Linux server.  Run this command:  curl -k https://127.0.0.1:8000

You'll see "hello world". You are now done. Be advised that the -k flag makes curl skip verification of the server's SSL certificate. On the client machine you could add the .crt file to /etc/ssl/certs/ca-certificates.crt. Then the -k flag should not be necessary with the curl command to access the JavaScript web page.

6.  Optional step if you do not want to do step #5:
You can open a web browser and go to this url (where x.x.x.x is the external IP address of the Linux server):  https://x.x.x.x:8000
In Chrome you will have to click "Advanced" to accept an exception as the certificate will not be valid.

You'll see "hello world".

*  OpenSSL (or the openssl command) implements TLS. The openssl man page (as taken from a Linux server) says this: "OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them."
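
To see what the csr.pem from step 2 actually contains, this added example (not part of the original post) goes beyond the openssl commands and builds a PKCS#10 request by hand with Node's crypto module: a subject name and the public key, signed with the private key. The helper names (der, buildCsr, csrSignatureValid) and the subject name "test.example" are hypothetical.

```javascript
// Added example: build a PKCS#10 CSR by hand to show what csr.pem contains.
const crypto = require('crypto');

// Encode one DER tag-length-value element.
function der(tag, ...parts) {
  const body = Buffer.concat(parts);
  let len = Buffer.from([body.length]);   // short form, body under 128 bytes
  if (body.length >= 0x80) {              // long form: 0x80 | byte count, then the length
    let hex = body.length.toString(16);
    if (hex.length % 2) hex = '0' + hex;
    len = Buffer.concat([Buffer.from([0x80 | (hex.length / 2)]), Buffer.from(hex, 'hex')]);
  }
  return Buffer.concat([Buffer.from([tag]), len, body]);
}

const OID_COMMON_NAME = Buffer.from('0603550403', 'hex'); // OID 2.5.4.3
// AlgorithmIdentifier for sha256WithRSAEncryption (1.2.840.113549.1.1.11)
const ALG_SHA256_RSA = Buffer.from('300d06092a864886f70d01010b0500', 'hex');

function buildCsr(commonName, privateKey) {
  // Only the public half of the key pair goes into the request.
  const spki = crypto.createPublicKey(privateKey).export({ type: 'spki', format: 'der' });
  const subject = der(0x30, der(0x31, der(0x30, OID_COMMON_NAME,
    der(0x0c, Buffer.from(commonName, 'utf8')))));
  // CertificationRequestInfo: version 0, subject, public key, empty attributes [0]
  const info = der(0x30, Buffer.from([0x02, 0x01, 0x00]), subject, spki, der(0xa0));
  // Signing the info with the private key proves the requester holds that key.
  const signature = crypto.sign('sha256', info, privateKey);
  const csr = der(0x30, info, ALG_SHA256_RSA, der(0x03, Buffer.from([0x00]), signature));
  const b64 = csr.toString('base64').match(/.{1,64}/g).join('\n');
  const pem = `-----BEGIN CERTIFICATE REQUEST-----\n${b64}\n-----END CERTIFICATE REQUEST-----\n`;
  return { info, signature, spki, pem };
}

// What a signer checks before issuing: the signature matches the embedded public key.
function csrSignatureValid({ info, signature, spki }) {
  const publicKey = crypto.createPublicKey({ key: spki, format: 'der', type: 'spki' });
  return crypto.verify('sha256', info, publicKey, signature);
}

// Constructed demo input: a throwaway key and the hypothetical name "test.example".
const { privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const request = buildCsr('test.example', privateKey);
console.log(request.pem);
console.log('signature valid:', csrSignatureValid(request));
```

The printed PEM block can be saved as csr.pem and inspected with "openssl req -in csr.pem -noout -verify -text".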
