Create ssl / https server in nodejs

Sometimes you need to serve HTTPS from the Node application itself, either to reproduce a real-life scenario or to test things like HTTP/2 server push. Today I will show you how to create an HTTPS server in Node.js, both with and without Express.
I will also talk about SSL and why it matters.

A small talk on https

With HTTP (Hypertext Transfer Protocol), two computers (the client and the server) communicate without any encryption. HTTPS stands for Hypertext Transfer Protocol Secure, and with this protocol the client and the server exchange encrypted messages. This prevents anyone sitting between them from stealing the user’s data.

A bit on ssl

If you know about HTTPS, I’m sure you’ve heard the term SSL too. SSL, or Secure Sockets Layer, is a standard security technology for establishing an encrypted link between a server and a client. So basically, SSL has the key used to encrypt and decrypt the information.
Apart from a key, SSL also has a certificate. This certificate is used to verify your identity. A certificate can be self-signed or signed by a CA (Certificate Authority).
Whether a certificate is self-signed or CA-signed plays no role in the encryption. With a self-signed certificate, the HTTPS encryption will still work fine. But CA-signed certificates are trusted: those authorities are known to browser vendors and other internet players. Thus, browsers and users will trust your site more if its certificate is signed by a CA.

Create key and certificate

To get a certificate signed by a certificate authority, you can use websites like GoDaddy, HostGator, etc. To generate a self-signed certificate, you can use the following method.

OpenSSL is a command-line tool that can be used to generate SSL keys and certificates. On Mac and Linux it will be preinstalled, but on Windows you will probably have to install it manually.

Anyway, assuming you have OpenSSL installed on your machine, below is a command to generate the key and certificate. After you run the command, it will ask you a couple of questions; just answer them.

Now that we have the private key and certificate, it’s time to use them in our Node application. Remember that you can generate the private key and certificate in any location on your computer. I am putting these two in the root folder.

Create an https node server

All you need to do is use the https module instead of http to create the server, and pass the private key and certificate as options. And that’s it. Now you can access https://localhost:8000/. Remember that because you are using a self-signed certificate and not one from a CA, the browser will try to reject the connection. But you can proceed to the webpage anyway.
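The step described above, as an added example (it is not the original post's code): the key and certificate are read from disk and passed to https.createServer as options. It goes slightly beyond the text by checking the files before use and setting a minimum TLS version; the file names key.pem and cert.pem, the helpers loadTlsOptions and startServer, and the TLS 1.2 floor are assumptions.

```javascript
// Added example, not the original post's code. The file names, helper names
// and the TLS 1.2 minimum are assumptions made for illustration.
const fs = require("fs");
const https = require("https");

// Read the PEM files and fail early on mistakes that otherwise only show up
// as handshake errors: swapped files, or a private key other users can read.
function loadTlsOptions(keyPath, certPath) {
  const key = fs.readFileSync(keyPath, "utf8");
  const cert = fs.readFileSync(certPath, "utf8");

  // Accepts unencrypted PKCS#8, RSA and EC keys; an encrypted key would
  // also need the `passphrase` option.
  if (!/-----BEGIN (RSA |EC )?PRIVATE KEY-----/.test(key)) {
    throw new Error(`${keyPath} does not contain an unencrypted PEM private key`);
  }
  if (!cert.includes("-----BEGIN CERTIFICATE-----")) {
    throw new Error(`${certPath} does not contain a PEM certificate`);
  }
  // POSIX only: refuse a key file with any group/other permission bits set.
  const mode = fs.statSync(keyPath).mode;
  if (process.platform !== "win32" && (mode & 0o077) !== 0) {
    throw new Error(`${keyPath} is accessible to other users (chmod 600)`);
  }
  // minVersion makes the server refuse TLS 1.0 and 1.1 handshakes.
  return { key, cert, minVersion: "TLSv1.2" };
}

// Same shape as an http server, but created from the https module with the
// key and certificate passed as options.
function startServer(keyPath, certPath, port) {
  const options = loadTlsOptions(keyPath, certPath);
  const server = https.createServer(options, (req, res) => {
    res.writeHead(200, { "Content-Type": "text/plain" });
    res.end("hello over TLS\n");
  });
  return server.listen(port);
}

// Start only when both files exist in the current folder.
if (fs.existsSync("key.pem") && fs.existsSync("cert.pem")) {
  startServer("key.pem", "cert.pem", 8000);
}
```

With a self-signed certificate the browser warning described above still appears; the checks here only catch a mis-supplied or over-exposed key file before the server starts.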

Do it with expressJS

About This Author

Hello! I am Paul Shan, a JavaScript Expert, Full Stack and DevOps Engineer cum Consultant based out of Bengaluru, India.

  • Lakshay Chhabra

    thanks buddy

  • Tapan Kumar Thapa

    Thanks. It helped and worked.

  • arsalan


    After following your instructions, I am getting the following message:

    “Your connection is not private
    Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). Learn more

    “Automatically send some system information and page content to Google to help detect dangerous apps and sites. Privacy policy”

    How do I solve it? Any help will be highly appreciated.

    Thanks in advance.

    • Bartosz K.

      Hi. Did you find a solution to your problem? I got the same warning.

    • Paul Shan

      The SSL certificate is not approved by any CA. It’s just self-signed, and browsers don’t recognise you as any valid authority. Click on Advanced and test it.
      To avoid this completely you need to buy SSL certificates (Comodo SSL, or there are free SSL certificates on the internet as well).
      If you use a CA signed ssl, browser won’t show you the screen you mentioned.

  • Hey Paul,
    first of all, thank you very much for your tutorial! It helped me a lot to understand things. Unfortunately I do get an error “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” which comes in Chrome and Firefox. After googling a bit it says that SHA or TLS is old … but maybe it was due to an old OpenSSL lib I downloaded?