Skip to content

Instantly share code, notes, and snippets.

@deepakkoirala

deepakkoirala/README.md

Forked from anhldbk/README.md
Created August 31, 2019 19:57
Show Gist options
  • Save deepakkoirala/a5f8086484979e25c87695491f7bba73 to your computer and use it in GitHub Desktop.
Save deepakkoirala/a5f8086484979e25c87695491f7bba73 to your computer and use it in GitHub Desktop.
Download ZIP
TLS client & server in NodeJS
Raw
README.md

1. Overview

This is an example of using module tls in NodeJS to create a client securely connecting to a TLS server.

It is a modified version from documentation about TLS, in which:

  • The server is a simple echo one. Clients connect to it, get the same thing back if they send anything to the server.
  • The server is a TLS-based server.
  • Clients somehow get the server's public key and use it to work securely with the server

2. Preparation

We need to generate keys & certs for the server. Pay attention to Common Name (e.g. server FQDN or YOUR name) when creating server-csr.pem. It should be your domain name.

$ mkdir tls
$ cd tls
$ openssl genrsa -out server-key.pem 4096
$ openssl req -new -key server-key.pem -out server-csr.pem
$ openssl x509 -req -in server-csr.pem -signkey server-key.pem -out server-cert.pem

For example:

$ openssl req -new -key server-key.pem -out server-csr.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:VN
State or Province Name (full name) [Some-State]:Hanoi
Locality Name (eg, city) []:Hanoi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Evolas Technologies
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:evolastech.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

3. Run the demo

$ node server.js &
$ node client.js &

You may have following things printed out:

server bound
server connected unauthorized
client connected authorized
welcome!
Raw
client.js
const tls = require('tls');
const fs = require('fs');
const options = {
ca: [ fs.readFileSync('server-cert.pem') ]
};
var socket = tls.connect(8000, 'evolastech.com', options, () => {
console.log('client connected',
socket.authorized ? 'authorized' : 'unauthorized');
process.stdin.pipe(socket);
process.stdin.resume();
});
socket.setEncoding('utf8');
socket.on('data', (data) => {
console.log(data);
});
socket.on('end', () => {
console.log('Ended')
});
Raw
sever.js
const tls = require('tls');
const fs = require('fs');
const options = {
key: fs.readFileSync('server-key.pem'),
cert: fs.readFileSync('server-cert.pem'),
rejectUnauthorized: true,
};
const server = tls.createServer(options, (socket) => {
console.log('server connected',
socket.authorized ? 'authorized' : 'unauthorized');
socket.write('welcome!\n');
socket.setEncoding('utf8');
socket.pipe(socket);
});
server.listen(8000, () => {
console.log('server bound');
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment