Use Windows Certificates with Node.js

Shira Rotman
4 min read · Aug 9, 2020

Recently, I wanted to configure a Node.js server to use HTTPS and run it on Windows 10. Node.js expects certificates in the format of the OpenSSL library, because that is what most operating systems use, but of course Microsoft has to do everything differently and in a way that is incompatible with the rest of the market, so I had to find a way to convert a Windows certificate to the OpenSSL format. Since I couldn’t find a detailed explanation of all the steps in one place, I decided to write it myself, in the hope that people will find it useful.

1. If you don’t have the certificate you want to use for the server, probably because you run it locally and need a self-signed cert like I do, then of course you first have to create it. Follow this guide to do just that. Make sure to specify “localhost” as the DnsName parameter, otherwise it won’t be recognized as belonging to this host. FriendlyName can be whatever you want, and you can change the expiry date if you so desire. Of course, if you already have the cert, skip this step.

2. Now that the cert is created and stored, you have to navigate to it. Start typing “certificate” in the search box on the task bar, until you see the option “Manage Computer Certificates”. Clicking it will open the certificate management window.

3. If you created a certificate as detailed in step 1, it’s supposed to reside in Personal/Certificates. To make browsers trust it (at least Chrome, Firefox will still complain), you have to copy it to the Certificates folder of the Trusted Root CAs directory. This is done in the same way as copying/pasting any other file in Windows.

4. In any case, now you need to export the cert to a file, so it can be used outside the Cert Store. Navigate to the cert. It will probably be in the Trusted Root CAs/Certificates folder, especially if you copied it there in the previous step; if you have trouble, you can also use Action > Find Certs to search for it. Right-click it and choose All Tasks > Export.

5. On the Wizard window that just opened, click Next. Since Node requires the private key to use the cert, you must export it as part of the file, so choose the upper option.

6. In the next window, choose the PFX option if it’s not already selected, and uncheck the “Include all certs…” checkbox since you only need to export the cert you are going to use.

7. Since you chose to include the private key in the export, you must now enter a password to protect the file. Check the Password checkbox, fill the fields, and choose an encryption. In the next window, choose a name and path for the export file. Click Next and Finish the Wizard.

8. Now you have a PFX file of the cert, but you still need to convert it to the PEM format that Node uses. To do that, you’ll have to install OpenSSL. If you feel really geeky, you can download the sources from the OpenSSL downloads page and build them yourself; look here for instructions. Alternatively, you can download an installer from this page.

9. Simply follow this guide to extract the PEM files from the PFX. You’ll have to supply the password you entered in the Wizard to access the file. (Note: the link to the OpenSSL binaries there doesn’t work anymore). By the way, you could also create the cert with the library (and then you’d get the PEM files from the beginning), but it wouldn’t be saved in the Cert Store, which means browsers won’t trust it, as explained in step 3.

And that’s it! Now you have the PEM files Node requires, and you can use them to set up HTTPS! Happy Programming!
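Before handing the extracted files to Node, it helps to confirm that the private key really was exported, that it belongs to the certificate, and that the certificate names “localhost” and has not expired. The following is an added example, not code from the original post; the function names are this example's own, and it assumes Node.js 15.6 or later (for `crypto.X509Certificate`).

```javascript
// Added example: pre-flight checks for the PEM files extracted from the PFX.
const crypto = require('crypto');
const fs = require('fs');
const https = require('https');

// `openssl pkcs12` output can carry "Bag Attributes" text around each block;
// keep only the PEM blocks themselves.
function pemBlocks(text) {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----[\s\S]*?-----END \1-----/g;
  return [...text.matchAll(re)].map((m) => ({ label: m[1], pem: m[0] + '\n' }));
}

const fail = (msg) => ({ ok: false, problems: [msg], options: null });

// Returns { ok, problems, options }; `options` fits https.createServer().
function checkTlsMaterial(keyText, certText, host = 'localhost', passphrase) {
  const keyBlock = pemBlocks(keyText).find((b) => b.label.endsWith('PRIVATE KEY'));
  const certBlock = pemBlocks(certText).find((b) => b.label === 'CERTIFICATE');
  if (!keyBlock) return fail('no private key block (was the key exported in step 5?)');
  if (!certBlock) return fail('no certificate block');
  let key, cert;
  try {
    key = crypto.createPrivateKey({ key: keyBlock.pem, passphrase });
  } catch {
    return fail('private key unreadable (encrypted without the right passphrase?)');
  }
  try {
    cert = new crypto.X509Certificate(certBlock.pem);
  } catch {
    return fail('certificate block could not be parsed');
  }
  const problems = [];
  if (!cert.checkPrivateKey(key)) problems.push('private key does not match certificate');
  if (!cert.checkHost(host)) problems.push(`certificate does not cover ${host}`);
  if (new Date(cert.validTo) < new Date()) problems.push(`expired on ${cert.validTo}`);
  const options = { key: keyBlock.pem, cert: certBlock.pem, passphrase };
  return { ok: problems.length === 0, problems, options };
}

// Reads the two PEM files (paths are the caller's choice) and refuses to start on any problem.
function createCheckedServer(keyPath, certPath, handler, passphrase) {
  const r = checkTlsMaterial(fs.readFileSync(keyPath, 'utf8'),
                             fs.readFileSync(certPath, 'utf8'), 'localhost', passphrase);
  if (!r.ok) throw new Error('TLS material rejected: ' + r.problems.join('; '));
  return https.createServer(r.options, handler);
}
```

Call `createCheckedServer(keyPath, certPath, handler).listen(port)` with the paths of your extracted files; it throws with the list of problems instead of serving a certificate that browsers will reject.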
