How does getting a SSL certificate relates to my Node.js application?

Question

I have a Node.js application running on my Linode server and my server will need SSL.

I understand I need to purchase one, something like this: http://www.namecheap.com/ssl-certificates/comodo/essential-ssl-certificate.aspx

I understand I need to get a dedicated IP address and follow these instructions: http://library.linode.com/security/ssl-certificates/commercial

What I don't understand is how my Node application would know about this SSL certificate? Does my Node application care?

Answer 1

You should run a https server.

If you are running expressjs you can do something like this - using the certificate and key you get form your ssl provider.

var express = require('express')
  , fs = require("fs");

var privateKey = fs.readFileSync('security/privatekey.pem').toString();
var certificate = fs.readFileSync('security/certificate.pem').toString();  

// to enable https
var app = module.exports = express.createServer({key: privateKey, cert: certificate});

Hope that helps.

EDIT:

You can check out this link - this guy is using a standard node server implementation and not express. However i'm not sure if the security api has changed - this post is nearly 2 years old.

Answer 2

Your server needs to be configured with a certificate (and its private key) because it proves its identity to the users. The server certificate is presented to the browser during the TLS handshake, when the HTTPS connection starts.

This should only affect the configuration of the server itself. Actual application code served by the server needs not know about it (and probably shouldn't, so as to reduce the risks of leaking the private key via incorrect code).