create a trusted self-signed SSL cert for localhost (for use with Express/Node)

The answers above were partial. I've spent so much time getting this working, it's insane. Note to my future self, here is what you need to do:

I'm working on Windows 10, with Chrome 65. Firefox is behaving nicely - just confirm localhost as a security exception and it will work. Chrome doesn't:

Step 1. in your backend, create a folder called security. we will work inside it.

Step 2. create a request config file named req.cnf with the following content (credit goes to: @Anshul)

req.cnf :

[req]distinguished_name = req_distinguished_namex509_extensions = v3_reqprompt = no[req_distinguished_name]C = Country initials like US, RO, GEST = StateL = LocationO = Organization NameOU = Organizational Unit CN = www.localhost.com[v3_req]keyUsage = critical, digitalSignature, keyAgreementextendedKeyUsage = serverAuthsubjectAltName = @alt_names[alt_names]DNS.1 = www.localhost.comDNS.2 = localhost.comDNS.3 = localhost

An explanation of this fields is here.

Step 3. navigate to the security folder in the terminal and type the following command :

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cert.key -out cert.pem -config req.cnf -sha256

Step 4. then outside of security folder, in your express app do something like this: (credit goes to @Diego Mello)

backend  /security /server.js

server.js:

const express = require('express')const app = express()const https = require('https')const fs = require('fs')const port = 3000app.get('/', (req, res) => {    res.send("IT'S WORKING!")})const httpsOptions = {    key: fs.readFileSync('./security/cert.key'),    cert: fs.readFileSync('./security/cert.pem')}const server = https.createServer(httpsOptions, app)    .listen(port, () => {        console.log('server running at ' + port)    })

Step 5. start the server, node server.js, and go to https://localhost:3000.

At this point we have the server setup. But the browser should show a warning message.

We need to register our self-signed certificate, as a CA trusted Certificate Authority, in the chrome/windows certificates store. (chrome also saves this in windows,)

Step 6. open Dev Tools in chrome, go to Security panel, then click on View Certificate.

Step 7. go to Details panel, click Copy File, then when the Certificate Export Wizard appears, click Next as below:

Step 8. leave DER encoding, click next, choose Browse, put it on a easy to access folder like Desktop, and name the certificate localhost.cer, then click Save and then Finish.. You should be able to see your certificate on Desktop.

Step 9. Open chrome://settings/ by inserting it in the url box. Down below, click on Advanced / Advanced Options, then scroll down to find Manage Certificates.

Step 10. Go to Trusted Root Certification Authorities panel, and click import.

We will import the localhost.cer certificate we just finished exporting in step 8.

Step 11. click browse, find the localhost.cer, leave the default values click next a bunch of times - until this warning appears, click yes.

Step 12. close everything, and restart chrome. Then, when going to https://localhost:3000 you should see:

Shortest way.Tested on MacOS, but may work similarly on other OS.

Generate pem

> openssl req -x509 -newkey rsa:2048 -keyout keytmp.pem -out cert.pem -days 365> openssl rsa -in keytmp.pem -out key.pem

Your express server

const express = require('express')const app = express()const https = require('https')const fs = require('fs')const port = 3000app.get('/', (req, res) => {  res.send('WORKING!')})const httpsOptions = {  key: fs.readFileSync('./key.pem'),  cert: fs.readFileSync('./cert.pem')}const server = https.createServer(httpsOptions, app).listen(port, () => {  console.log('server running at ' + port)})

• Open https://localhost:3000 in Google Chrome and you'll see that it's not secure. Yet!
• In Developer Tools > Security > View Certificate: Drag image to your desktop and double click it.
• Click 'Add'
• Find it in Keychain Access and double click it
• Expand 'Trust' and change 'When using this certificate' to 'Always trust'.
• You may be prompted to authenticate.
• Restart your server.
• Refresh your browser.
• Enjoy! :)

You can try openSSL to generate certificates.Take a look at this.

You are going to need a .key and .crt file to add HTTPS to node JS express server. Once you generate this, use this code to add HTTPS to server.

var https = require('https');var fs = require('fs');var express = require('express');var options = {    key: fs.readFileSync('/etc/apache2/ssl/server.key'),    cert: fs.readFileSync('/etc/apache2/ssl/server.crt'),    requestCert: false,    rejectUnauthorized: false};var app = express();var server = https.createServer(options, app).listen(3000, function(){    console.log("server started at port 3000");});

This is working fine in my local machine as well as the server where I have deployed this. The one I have in server was bought from goDaddy but localhost had a self signed certificate.

However, every browser threw an error saying connection is not trusted, do you want to continue. After I click continue, it worked fine.

If anyone has ever bypassed this error with self signed certificate, please enlighten.