Https server and SSL certificate

In order to run our app we had to satisfy Google's requirement for https connection. Although Google only "recommends" https over http, we found various errors when using http. So we had two options:

• Buy an SSL certificate from a certicate authority such as DigiCert.com. The cheapest certificate they offer is $175 for one-year agreement
• Build our own SSL certificate for free.

Naturally, we decided to build our own SSL certificate. The app now works, but the first time a user loads the page he will receive a warning from his browser. The warnings differ between browsers, but they all have the same point - SSL certificate is not verified by a certificate authority. The browser sees an https connection but it doesn't like when you don't buy a certificate from companies like DigiCert.com

Inside server.js file you'll find the following code:

        var options = {
          cert: fs.readFileSync('client-cert.pem'),
          key: fs.readFileSync('client-key.pem')
        };

        var server = https.createServer(options, app);
      

client-cert.pem and client-key.pem are the SSL certificate and private key (both are required for https connection). That's why its important to run nodemon server.js from within the server folder, since certificate and key files are located inside server folder.

If you'd like to build your own certificate and private key, read how to create your own SSL certificate

Example warning in Google Chrome

When the warning shows (only on first page load) simply click 'SHOW ADVANCED' and then 'Proceed to...'