Mike Warren Mike Warren - 3 months ago 19
Node.js Question

Giving Node.js access to certificate/private key

I am trying to use HTTPS on my Node.js app, just as it is already enabled for anything else. I have the keys and certificates already installed, but I get a

Error: EACCES, permission denied
when I tried to point to them on the app.

Both the key and the certificate are in subfolder of
/etc/pki/tls
, and I attempted pointing to them like this:

var privateKey = fs.readFileSync('/etc/pki/tls/private/serverKey.key').toString(),
certificate = fs.readFileSync('/etc/pki/tls/certs/2_mikewarren.me.crt').toString();

var options = {
key: privateKey,
cert: certificate
}


Do I need to adjust the permissions of the keys and certificates (via
chown
)? If so, is it safe to do?

Answer

I got my code access.

What I did

  1. created new user group called certAccess
  2. added myself to certAccess by saying sudo useradd ec2-user -G certAccess
  3. added root user (who was the only user with access to those files) to certAccess
  4. changed the owner of the private key: sudo chown ec2-user.certAccess /etc/pki/tls/private/serverKey.key

Testing...

To test, I simply print options to the console, right after using it. Indeed, I saw the contents of private key and certificate (try it yourself). I also restart httpd server, and requested static files. I saw them, protected with TLS, without fault.

Comments