{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Summer. ? 凉城 的问题《Node.js https pem error: error:0906D06C:PEM routin》','https://www.manongdao.com/q-1220219.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I got myself this files from Certificate Authority:
- domain.com.p7b
- domain.com.crt
- domain.com.ca-bundle
And I tried this little code:
var express = require('express');
var app = express();
var fs = require("fs");
var https = require('https');
var privateKey = fs.readFileSync('domain.com.p7b').toString();
var certificate = fs.readFileSync('domain.com.crt').toString();
var ca_bundle = fs.readFileSync('domain.com.ca-bundle').toString();
var credentials = { key: privateKey,
ca : ca_bundle,
cert: certificate};
https.createServer(credentials,app).listen(8080, function () {
console.log('Example app listening on port 8080!');
});
After start script, I get the following error:
(err): at Object.createSecureContext (_tls_common.js:87:19)
(err): at Server (_tls_wrap.js:721:25)
(err): at new Server (https.js:17:14)
(err): at Object.exports.createServer (https.js:37:10)
(err): at Object.<anonymous> (/utec_temp/https/web.js:27:7)
(err): at Module._compile (module.js:435:26)
(err): at Object.Module._extensions..js (module.js:442:10)
(err): at Module.load (module.js:356:32)
(err): at Function.Module._load (module.js:311:12)
(err): Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
(err): at Error (native)
(err): at Object.createSecureContext (_tls_common.js:87:19)
(err): at Server (_tls_wrap.js:721:25)
(err): at new Server (https.js:17:14)
(err): at Object.exports.createServer (https.js:37:10)
(err): at Object.<anonymous> (/utec_temp/https/web.js:27:7)
(err): at Module._compile (module.js:435:26)
(err): at Object.Module._extensions..js (module.js:442:10)
(err): at Module.load (module.js:356:32)
(err): at Function.Module._load (module.js:311:12)
Most examples you can google on the Internet use self-signed certificates , but what happend when I work in a real environment?
My little code works in development with self signed keys , as in this example:
https://stackoverflow.com/a/24283204/3957754
I researched and I found this:
https://www.namecheap.com/support/knowledgebase/article.aspx/9705/0/nodejs
http://www.backwardcompatible.net/155-Setting-up-real-SSL-Nodejs-Express
Node.js https pem error: routines:PEM_read_bio:no start line
but I could not correct the error.
Also I reduced to one file :
var credentials = {cert: certificate};
And the error is the same. So I thought that maybe a format error from windows to unix. I used dos2unix tool and the error is the same.
My node version is 4.4.7
Any help is appreciated.
Thanks in advance!
UPDATED
When you are working with https certificates, domains or subdomains, forgot the technology used to develop the application.
Node.js, java, python and other decent languages has libraries to publish a secure https endpoint loading your purchased or self-signed certificates. But this is not the right way due to. For example : Development team will have problems to star up the application, because the source code needs the certificates and other configurations.
For a clean, maintainable and scalable architecture, DONT MODIFY YOUR SOURCE CODE and leave this work or complexity to apache , nginx, haproxy or some load balancer:
apache 2.2 example
SSLCertificateFile /some/folder/certificate.crt
SSLCertificateKeyFile /some/folder/initial.key
SSLCertificateChainFile /some/folder/certificate.ca-bundle
nginx example
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/your_domain_name.pem; (or bundle.crt)
ssl_certificate_key /etc/ssl/your_domain_name.key;
server_name your.domain.com;
...
}
This kind of complexity must be transparent for the development team and should be managed by sysadmin,infrastructure or another teams related to networks of your company.
I little late but I hope this helps.
If someone have work with this files : pb7, crt,ca-bundle and have this error:
This would mean that this files are wrong, corrupt or was requested for another environments (windows for example) as this post says:https://serverfault.com/a/317038
So the solution in my case was request for a new certificates and in the especifications , put the following:
Also is important save the key with which the csr was created and sent to the certificator provider(I called initial.key).
Example http://www.backwardcompatible.net/155-Setting-up-real-SSL-Nodejs-Express
Finally , your provider will send you a zip with several files. You only need a .crt file for your node app:
Note : certificate.ca-bundle and certificate.crt files must be sent by certificator provider.
HTH