Install own SSL for Secure Data Transmission

Install OpenSSL to generate private-key & server certificates request files.
For installing OpenSSL in windows.
https://tecadmin.net/install-openssl-on-windows

After completing the installation,

  1. Open Terminal/Command prompt window
  2. Create a private key using
    openssl genrsa -out privkey.pem 2048
  3. Create a certificate signing request (CSR) using your private key and is later transformed into a certificate
    openssl req -new -key privkey.pem -out server.csr
  4. After you run the command, it asked you to provide information that helps to identify your certificate.
    • Country Name : Use the two-letter code without punctuation for country. For example: US or CA.
    • State or Province Name : Spell out the state completely; do not abbreviate the state or province name. For example: California
    • Locality or City Name : The Locality field is the city or town name. For example: Berkeley. Do not abbreviate. For example: Saint Louis, not St. Louis.
    • Organization Name : If the company or department has an &, @, or any other symbol using the shift key in its name, the symbol must be spelled out or omitted, in order to enroll.
    • Organizational Unit Name : The Organizational Unit(OU) field is the name of the department or organization unit making the request. To skip the OU field, press Enter on the keyboard.
    • Common Name : The Common Name is the Host + Domain Name. It is fully qualified name for the system that uses the certificate. If you are using Dynamic DNS, your CN should have a wild-card.
  5. Now private key pair has now been created.

    6. Output Desk - SSL

  6. Moved the private key and CSR file to a centralize directory.
  7. Upload the CSR to the valid SSL certificate provider, like rabidssl, hostgator
  8. After validation, they will send server certificate file & intermediate certificate file. (Name that certificate file as “outputdesk.cer” and Intermediate certificate file as “intermediate.crt“)
  9. Copy the 2 files from Certificate provider & privkey.pem (generated by us)to SSL dir. To create SSL dir, please open “{Output Desk package installed folder}\public” & create a folder named “ssl”. Now, copy & paste the three files into the ssl folder that we created now. Please make sure that extensions are right in your end.

    10. Output Desk - SSL Certificate

  10. Finally, configure those files(“privkey.pem”,”outputdesk.cer”, “intermediate.crt”) in client.js file(File Path:{Output Desk package installed folder}\public\config) as mentioned below:
    // SSL config for HTTPS (Full Path)
    global.privateKey = “{Output Desk package installed folder}\public\ssl\privkey.pem”;
    global.certificate = “{Output Desk package installed folder}\public\ssl\outputdesk.cer”;
    global.intermediate1 =“{Output Desk package installed folder}\public\ssl\intermediate.crt”;
  11. Set your https port in global.httpsPort

    12. Output Desk - SSL Config

Troubleshooting SSL Installation Errors in Node.js

ERR_OSSL_PEM_NO_START_LINE

1. Description :
This error occurs during SSL/TLS setup in Node.js when one or more of the provided certificate files cannot be parsed correctly.

Error: error:0480006C:PEM routines::no start line
    ...
    {
      library: 'PEM routines',
      reason: 'no start line',
      code: 'ERR_OSSL_PEM_NO_START_LINE'
    }

Output Desk - SSL Error

2. Cause :
This error usually occurs due to one of the following reasons:

  • Incorrect Certificate Format: The certificate or intermediate file is not in Base64-encoded PEM format (must start with —–BEGIN CERTIFICATE—–).
  • Using a Wrong File Type: A .csr (Certificate Signing Request) file is mistakenly used instead of a .crt or .cer file.
  • Empty or Corrupted File: The file being read is empty, corrupted, or contains unexpected content such as an HTML error page or invalid encoding.
  • Incorrect File Path: The configuration points to a file that is not a valid certificate.
  • Swapped Files: The certificate and intermediate certificate file paths are mixed up or reversed.

3. Resolution :

  • Double-check the file paths used in your SSL configuration.
  • Ensure that the certificate and intermediate certificate files are correctly assigned.
  • Use the correct .crt or .cer files provided by your SSL vendor for both the domain certificate and the CA chain.
  • Restart your server after applying the corrected file paths.

4. Quick Fix :
If the error persists, it’s possible that the certificate and intermediate file paths were accidentally swapped.

  • Try interchanging the certificate and intermediate file paths in your code.
  • Restart the server and verify if the error is resolved.

  1 person found this article useful