Home > Net >  Node.js Which is the better way to implement server ssl certificate
Node.js Which is the better way to implement server ssl certificate

Time:09-20

I see that there are two ways to add server ssl certificate with Node.js

First:

  key: fs.readFileSync('server-key.pem'),
  cert: fs.readFileSync('server-cert.pem'),
  ca: [ fs.readFileSync('client-cert.pem') ]
};

var server = tls.createServer(option);
server.listen(8000, function() {
  console.log('server bound');
});

Second:

  pfx: fs.readFileSync('server.pfx')
};

var server = tls.createServer(options);
server.listen(8000, function() {
  console.log('server bound');
});

Currently i am using the second option, but I am asked to change it first. I want to understand what are the advantages/disadvantages by changing it to the first option.

CodePudding user response:

None is better. The Pfx file is a PKCS#12 archive, it contains the server's certificate and private key as well as some certificate authorities (used to decide if a client certificate is valid). Pfx files are password protected, but since Node.js has to be able to read the file, you have to provide the password, so it's not really more secure.

I would say that the best option is not to use TLS in Node.js at all because it is quite slow and to put your application behind an SSL proxy (Nginx for example) which is much more efficient.

  • Related