All Products
Search
Document Center

Simple Application Server:Install an SSL certificate in the Node.js runtime environment

Last Updated:Jan 30, 2024

If a domain name is bound to your simple application server, you can set HTTPS access to the domain name. This way, you can convert the data transmission protocol from HTTP to HTTPS at a low cost and implement authentication and encrypted data transmission of websites. This prevents data tampering or leaks during data transmission. This topic describes how to install an SSL certificate on a simple application server and enable HTTPS access to the server. A simple application server on which the Node.js runtime environment is installed is used in this topic.

Prerequisites

  • A domain name is purchased. For more information, see Register a domain name on Alibaba Cloud.

  • If your simple application server is located within a region inside the Chinese mainland, you must obtain an Internet content provider (ICP) filing for the domain name that is bound to your simple application server. For more information, see What is an ICP filing?

  • The domain name is bound to the simple application server and is resolved. For more information, see Bind and resolve a domain name.

Background information

Node.js is a platform built on the JavaScript runtime of Chrome V8 for easily building fast and scalable network applications. Node.js uses an event-driven and non-blocking I/O model that makes it lightweight and efficient. Node.js is ideal for data-intensive real-time applications that run on distributed devices. For more information, see Official Node.js website.

After you apply for and purchase a certificate and deploy the certificate to your web server by using Alibaba Cloud Certificate Management Service, the web service transfers data over HTTPS. If HTTPS is used, an encrypted channel over SSL is activated to transmit data from a client browser to the web server. This enables unidirectional encrypted transmission and prevents data in transmission from being tampered with or intercepted. HTTPS transmission is an essential feature of Apps, mini programs, programs, and controls to be published in App Stores or application ecosystems. HTTPS transmission can bring the following benefits to websites:

  • Security compliance: HTTPS transmission allows websites to meet the requirements of App Stores or application ecosystems.

  • Encrypted transmission of network data: HTTPS transmission encrypts data communication between users and websites to prevent transmitted data from being intercepted, tampered with, and listened on and ensure the security of transmitted data.

  • High website security: HTTPS transmission prevents phishing events. When a user visits the website, the browser prompts that the website is secure and trusted, which can improve the credibility, access traffic, and search ranking of the website.

For more information, see What is Certificate Management Service?

Step 1: Create a Node.js simple application server

  1. Log on to the Simple Application Server console.

  2. In the left-side navigation pane, click Servers.

  3. Click Create Server in the upper-right corner of the Servers page. On the buy page of simple application servers, configure parameters to create a simple application server.

    For more information, see Create a server.

    In the Image section of the buy page, select the Node.js 16.5.0 application image on the Apps Image tab.

Step 2: Purchase an SSL certificate

Purchase a certificate

  1. Log on to the Certificate Management Service buy page.

  2. Select specifications for the certificate that you want to purchase based on your business requirements.

    The following table describes the parameters. For more information about the parameters, see Purchase an SSL certificate.

    Parameter

    Description

    Brand

    Select a brand for the certificate. The brand is the CA that issues certificates to you. In this topic, Digicert is selected.

    For more information about certificate brands, see Select an SSL certificate.

    Certificate Specifications

    Select a certificate type for the certificate. In this topic, OV SSL is selected.

    For more information about certificate types, see What is Certificate Management Service?

    Certificate Type

    Select the type of the domain name that you want to bind to your certificate. In this topic, Single Domain is selected.

    Domain Names

    Default value: 1.

    Quantity

    Default value: 1.

    Service Duration

    Select the validity period of the certificate service. In this topic, 1 Year is selected.

  3. Click Buy Now and complete the payment.

Submit a certificate application

  1. Log on to the Certificate Management Service console.
  2. On the Manage Certificates tab of the SSL Certificates page, select Pending Application from the status drop-down list above the certificate list.

    This operation queries all purchased certificate instances for which no certificate applications are submitted.

  3. Find the certificate instance for which you want to submit a certificate application and click Apply for Certificate in the Actions column.

  4. In the Apply for Certificate panel, configure the parameters.

    The parameters that are displayed vary based on certificate types. Configure the parameters as prompted.

    For more information about the parameters, see Required information for certificate application.

  5. Submit your certificate application to the CA for review.

    After you configure the parameters, perform the following operations based on the type of the certificate that you want to apply for:

    • Domain validated (DV) certificate: Click Next, complete the verification of domain name ownership as prompted, and then click Submit.

      For more information about how to verify domain name ownership, see Verify the ownership of a domain name.

    • Organization validated (OV) or extended validation (EV) certificate: Click Submit.

    After you submit your certificate application, the following message appears. Make sure that the phone calls from the CA are properly answered and check the verification email at the earliest opportunity. The CA sends the verification email to your contact email address.提交审核提示

    After you submit the certificate application, if you want to modify the application information, you can withdraw the order, modify the information, and submit the order again.

    Note

    In most cases, the CA completes review and issuance within 1 to 2 business days after you submit a certificate application for a DV certificate.

Step 3: Configure the SSL certificate

After the certificate is issued, the value of Status for the certificate changes to Issued. You must download and configure the certificate. For more information, see Installation overview.

  1. Download the SSL certificate.

    1. On the SSL Certificates page, click the Manage Certificates tab, find the certificate that you want to download, and click Download in the Actions column.

    2. In the Download Certificate dialog box, download a certificate based on the server type.

      In this topic, download the NGINX certificate to use NGINX to forward data.

      Warning

      After you download the certificate, keep it properly to prevent your websites from being attacked due to certificate leaks.

      dasd

    3. After the package is decompressed, two files are displayed, as shown in the following figure.ada

  2. Use tools such as WinSCP to upload the .pem file that contains the private key of the certificate and the .key file to the specified directory of the simple application server. Example: /root.

  3. Connect to the simple application server.

    For more information, see Connect to a Linux server.

  4. Run the following command to create a project file named https_server_test.js:

    cd
    touch https_server_test.js
  5. Run the following command to modify the https_server_test.js file:

    vim https_server_test.js

    Press the i key to enter the edit mode and add the following content to the https_server_test.js file:

    // An https package is required to start the https service.
    // An fs package is required to read the files.
    const https = require('https');
    const fs = require('fs');
    
    // Read the certificate files and put them into the options object.
    // Use the readFileSync() method to read the files and start the https service.
    const options = {
        key: fs.readFileSync('/root/cert-file-name.key'),
        cert: fs.readFileSync('/root/cert-file-name.pem')
    };
    
    // Create a server, start the server, and set the listening port number for the server.
    https.createServer(options, (req, res) => {
        res.end('hello world\n');
    }).listen(443);

    Take note of the following requirements:

    • /root/cert-file-name.key: Enter the absolute path to which the private key file is uploaded.

    • /root/cert-file-name.pem: Enter the absolute path to which the SSL certificate file is uploaded.

    Important

    To ensure that the certificate can be configured and accessed over HTTPS, you must correctly configure the paths of the certificate files.

  6. After you add the preceding content, press the Esc key to exit the edit mode. Enter :wq and press the Enter key to save and close the file.

  7. Run the following command to activate the SSL certificate:

    node https_server_test.js
  8. Use a browser to access https://<Domain name of the simple application server>.

    • If a lock icon appears in the address bar of the browser, the SSL certificate is installed.sda

    • If the domain name is not accessible over HTTPS, check whether port 443 on the simple application server is enabled and not blocked by other tools. For more information about how to enable port 443, see Manage the firewall of a simple application server.