Securing Node.js apps with SSL/TLS

Davison Pro
4 min readJan 13, 2019

It’s time! No more procrastination and poor excuses. Let’s secure our Node.js Apps.

SSL node js

I have just launched DavisonPro.dev. A standalone blog where I write about Javascript, Web development and software development.

In this article, I am going to walk you through a practical example of how to install SSL certificates to your Express.js server.

Let’s start with a short review.

SSL, TLS, HTTPS

Let’s start with a quick recapitulation of protocols that allows you to secure your client-server connections.

  • SSL stands for Secure Sockets Layer. It was developed in mid-90ties by Netscape and was quickly superseded by TLS.
  • TLS stands for Transport Layer Security. It is a standard maintained by IETF and addresses many shortcomings and security vulnerabilities of the SSL protocol.
  • Both SSL and TLS operate at the level of TCP socket streams, they provide means for switching a plaintext stream into a fully encrypted channel.
  • HTTPS, or HTTP Secure, is a combination of HTTP protocol communicating over a SSL/TLS channel.

We’ll be using OpenSSL to generate all of our certificates.

Setting up the folder structure

--

--