Getting pfx file for nodejs https server from godaddy SSL certificate

Once the purchase of the SSL certificate is made, GoDaddy goes through a process to generate the certificate.

The key thing that I did not realize earlier is that my web server (nodejs) requires the keys and certificates in a particular file format. I have decided to keep it simple and use the pfx file format. With this file format, all the keys and certificates are in one file. There are no multiple files to be managed.

The process to generate the pfx file will be a little different from what I did on the first go. Also, it is different if your development environment is not Windows. In my case, a Windows-based laptop is used as the development environment.

Let's come to the GoDaddy process to generate the certificate now. First, your identity needs to be verified by an email sent to the whois listing for your domain. This takes on the order of a minute – it's all automated – no human intervention. After that, it asks you for a CSR (certificate signing request). If you are doing this for the first time, this is a little tricky. There are multiple tools for doing this. In the case of Windows, it is best to use the IIS7 admin console on your dev box. In my case, it is IIS7. This GoDaddy support link is quite helpful for doing this.

At this stage, you have the CSR and paste it into the GoDaddy wizard. It asks a few more questions. They are quite straightforward and also have help links which are helpful. Your certificate is generated and you can go to cpanel to download it. You need to select the web server as IIS7 even though, in my case, it is a nodejs web server; nodejs is not in the list.

At this stage, you have the zip file containing a .crt file and a .p7b file, and you wonder how to get a pfx file out of it. You may be a geek but do not want, at the moment, to understand file formats like .cer, .crt, .pem, .p7b and .pfx, know which file contains the private key, which file contains the public key, which contains both, certificate chains, intermediate certificates and certificate stores, try various tools, read all the information on the net about tools including command line tools, and get on a trial and error path to get a pfx file out of the files given to you by GoDaddy. I do want to get to all the details, but at the moment I just wanted to get the web server https endpoint up. Again, the IIS7 admin console and the GoDaddy help link came to the rescue.

After following the steps at the above mentioned help link, go to the IIS7 admin console -> double click Server Certificates -> right click your domain certificate -> Export -> provide a pfx file name and a password to protect it. You get a pfx file.

Come to your nodejs web server. Pass it the pfx file name and the password as below. Start the node server. It works!

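var config = require('config'),
    fs = require('fs'),
    https = require('https');

// The pfx (PKCS#12) file carries the private key and the certificates;
// the passphrase is the export password chosen in the IIS7 admin console.
var options = {
    pfx: fs.readFileSync(config.certificate.pfxFileName),
    passphrase: config.certificate.passphrase
};

https.createServer(options, function (req, res)
{
    // ... request handling goes here ...
}).listen(443);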

Note: this example does not dive into safeguarding your pfx and its password configuration on the web server. To test, you can hardcode the values in the config nodejs module. That will be another post some other day.

P.S. On a side note – I generated the CSR using the bluehost (my web host) cpanel on the first go and gave that to GoDaddy. I realized later there was no tool at bluehost to take the GoDaddy .crt and .p7b files and give me a .pfx file. Neither did it let me export the private key created using the bluehost cpanel to a file. It just showed the private key, likely base64 encoded, in a text box. I did not want to go through a set of tools and understand various file formats. Hence, I went back to the IIS7 admin console route as mentioned above. I used the re-key command in the GoDaddy cpanel and re-generated the certificate with the CSR provided by the local IIS7 web server.

Did it help you? Did you find a smarter way to generate the pfx file from the certificate files given by GoDaddy? Did you have a different process flow when you used a certificate authority other than GoDaddy? Do share your findings through a link/comment.
