Express HTTPS server with self-signed certificate

How to create a self-signed HTTPS certificate for Node.js to test the application locally

In order to be able to provide site services on HTTPS through the local host, you need to create a self-signed certificate.

The self-signed certificate is sufficient to establish a secure HTTPS connection for development purposes. Although the browser will complain that the certificate is self-signed (and therefore not trusted).

To create a certificate, you must haveOpenSSLInstall on your system.

You may already have it installed, just try to typeopensslIn your terminal.

If this is not the case, on a Mac, you can usebrew install openssl(If you useHouse wine). Otherwise, search for "how to install openssl in the following location" on Google".

Once OpenSSL is installed, run the following command:

openssl req -nodes -new -x509 -keyout server.key -out server.cert

You will be prompted to answer some questions. The first is the country name:

Generating a 1024 bit RSA private key
writing new private key to 'server.key'
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:

Then your state or province:

State or Province Name (full name) [Some-State]:

Your city:

Locality Name (eg, city) []:

…And your organization’s name:

Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:

You can leave all of these blank.

Just remember to set it tolocalhost:

Common Name (e.g. server FQDN or YOUR name) []: localhost

...And add your email address:

Email Address []:

That's it! Now you have 2 files in the folder where you ran the original command:

  • server.certIs a self-signed certificate file
  • server.keyIs the private key of the certificate

Both of these files are required to establish an HTTPS connection, and depending on how you set up the server, the process of using them will be different.

These files need to be placed in a location accessible by the application, and then you need to configure the server to use them.

This is usinghttpsCore modules and Express:

const https = require('https')
const app = express()

app.get(’/’, (req, res) => { res.send(‘Hello HTTPS!’) })

https.createServer({}, app).listen(3000, () => { console.log(‘Listening…’) })

If I connect to, there is no need to add a certificatehttps://localhost:3000This is what the browser will display:


With the certificate:

const fs = require('fs')

//… https.createServer({ key: fs.readFileSync(‘server.key’), cert: fs.readFileSync(‘server.cert’) }, app).listen(3000, () => { console.log(‘Listening…’) })

Chrome will tell us that the certificate is invalid (because it is self-signed) and will ask us to confirm before proceeding (however, HTTPS connections can still be used):


Download mine for freeExpress.js manual

More crash tutorials: