Securing Node.js apps with SSL/TLS
4 min readJan 13, 2019
It’s time! No more procrastination and poor excuses. Let’s secure our Node.js Apps.
I have just launched DavisonPro.dev. A standalone blog where I write about Javascript, Web development and software development.
In this article, I am going to walk you through a practical example of how to install SSL certificates to your Express.js server.
Let’s start with a short review.
SSL, TLS, HTTPS
Let’s start with a quick recapitulation of protocols that allows you to secure your client-server connections.
- SSL stands for Secure Sockets Layer. It was developed in mid-90ties by Netscape and was quickly superseded by TLS.
- TLS stands for Transport Layer Security. It is a standard maintained by IETF and addresses many shortcomings and security vulnerabilities of the SSL protocol.
- Both SSL and TLS operate at the level of TCP socket streams, they provide means for switching a plaintext stream into a fully encrypted channel.
- HTTPS, or HTTP Secure, is a combination of HTTP protocol communicating over a SSL/TLS channel.
We’ll be using OpenSSL to generate all of our certificates.