node socket.js doesn't work with SSL when key has a passphrase #276

Closed
uLow opened this issue Oct 19, 2016 · 3 comments
@uLow
Contributor

uLow commented Oct 19, 2016

Hi there!
I'm trying to run node socket.js as a daemon with an SSL certificate, but it's asking for the certificate PEM password, so I can't start it like node socket.js & or using supervisord.

Could you advise how to achieve that?

@REBELinBLUE
Owner

You'd need to remove the password from the key https://futurestud.io/tutorials/how-to-remove-pem-password-from-ssl-certificate

@uLow
Contributor Author

uLow commented Oct 20, 2016

Of course it's not a solution. Since my company is under PCI DSS licence, we can't remove the password from the key. Is there another workaround?

@REBELinBLUE
Owner

Edit https://github.com/REBELinBLUE/deployer/blob/master/socket.js#L20 and add passphrase to the object, i.e. so you have

    var ssl_conf = {
        key:  (process.env.SOCKET_SSL_KEY_FILE  ? fs.readFileSync(process.env.SOCKET_SSL_KEY_FILE)  : null),
        cert: (process.env.SOCKET_SSL_CERT_FILE ? fs.readFileSync(process.env.SOCKET_SSL_CERT_FILE) : null),
        ca:   (process.env.SOCKET_SSL_CA_FILE   ? fs.readFileSync(process.env.SOCKET_SSL_CA_FILE)   : null),
        // Passphrase used to decrypt the private key loaded above
        passphrase: 'mypassword'
    };

https://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener

That seems rather ridiculous to me personally as that means the password is being stored on disk in plaintext 😧

I'll see about adding a SOCKET_SSL_KEY_PASSPHRASE option

REBELinBLUE added this to the 0.0.39 milestone Oct 21, 2016
REBELinBLUE changed the title from "node socket.js with SSL" to "node socket.js doesn't work with SSL when key has a passphrase" Oct 23, 2016
REBELinBLUE added a commit that referenced this issue Oct 23, 2016
* master: (42 commits)
  Updated CHANGELOG
  Fixes #273 by not copying the shared folder/file from the release if it has already been copied
  Re-added postgres env
  Testing only 1 env
  Test
  Test
  Changed cat command for travis
  Fix code climate issues
  Changed build image
  Fixes #275 by checking that the --no-suggest option exists before attempting to use it
  Fixes #276 - Allows the passphrase for the private key to be set
  Fixed missing reason of rollback (#270)
  Updated dependencies
  Updated dependencies
  Update README.md
  Update README.md
  Update README.md
  Update README.md
  Last chance
  Setting a random JWT
  ...
REBELinBLUE removed this from the 0.0.39 milestone Sep 1, 2017