This blog will teach you how to add a Comodo PositiveSSL Certificate to a Node/Express server.

Technologies

  • Express – v4.13.4
  • Node – v6.11.5
  • Comodo PositiveSSL
  • Digital Ocean
  • GoDaddy

Before reading further, your environment should have a Node server set up using ExpressJs listening at port 80(HTTP) and port 443(HTTPS) (Learn how to set up a Node/Express server) and upload this server on your Digital Ocean droplet. (Learn how to set up a droplet on Digital Ocean). There are _ steps to applying the Comodo PositiveSSL certificate to the server:

  1. Purchase a domain
  2. Purchase the cert from Comodo
  3. Activate the cert on Digital Ocean
  4. Apply the cert to server

1. Purchase a domain

To purchase a domain is one of the easier steps. Personally, I bought my domain from GoDaddy. You can create an account first then search for the domain or vice versa. After you search for your domain name, you should see something as follows:

 

Next steps are pretty intuitive so I’m not going to give you a step-by-step. After all the payments are done, you should see your domain under your account and you are done with step one.

 

Then click DNS to modify your Nameservers to redirect to Digital Oceans:

2. Purchase PositiveSSL Certificate from Comodo

From what I have seen, many people are introducing a free SSL certificate provider called Let’s Encrypt. I’m sure it works well for most but I assume there are people like me who are interested in using Comodo’s SSL certificates. Personally, I purchased the cheapest certificate to play around with, and that is the Positive SSL certificate.

To purchase the Positive SSL certificate, you simply sign up on their website, and click Add to cart next to the Positive SSL row under STANDARD DV SSL CERTIFICATES. After following the instructions and making the payment, you will be asked to provide the website’s domain and method of activation. Activation will be explained in the next section, but just select the CNAME option for now. Next, you will be asked to provide the CSR for the certificate. This can be done using their CSR generation tool, which should be a clickable link in the instructions above the text window. The CSR generation tool should appear in a new tab and it should be a straight forward form filling process. After that is done, store the generated private key at a safe and accessible location from your server, and copy and paste the public key to the previous tab where it originally asked you to provide the CSR.

3. Activate the cert on Digital Ocean

Activating the SSL certificate with Digital Ocean is very simple. At this point, your server droplet should be connected properly and you should be able to visit your site at your domain without a problem. After you purchased the SSL cert, you should received an order summary as follow:

The blurred lines are sensitive information which you should keep only to your self, but you do not need to store them anywhere since you will only need them to activate your SSL certificate. By following the instructions provided above, direct to your Digital Ocean account and click Networking from the top menu. Once the page loads, you can add your domain and it should redirect you to a DNS records management page. Select CNAME to create a record and copy and paste the Alias/Host Name and Point to link in the corresponding fields. Lastly, fill in 3600 for TTL and click Create record to complete the record creation. After 15-20 minutes, refresh your Comodo site and the status should change from pending to active, which means your SSL certificate is ready to be used.

4. Apply the cert to server

This is the final step to making your server secure with a SSL certificate! Once your SSL certificate is activated, you should receive an email from Comodo with all of your certificates (.crt files) in a zip file. I had a hard time transferring these certificates to the server but I was able to do it by using SFTP. Once you transferred these certificated to a safe an accessible folder, open your server.js file and populate the following field that you left blank from before.

var options = {
  key: fs.readFileSync('./ssl/private.key');,
  ca: [
    fs.readFileSync('./ssl/AddTrustExternalCARoot.crt'),
    fs.readFileSync('./ssl/COMODORSADomainValidationSecureServerCA.crt'),
    fs.readFileSync('.ssl//COMODORSAAddTrustCA.crt')
  ],
  cert: fs.readFileSync('./ssl/[your_domain_name].cert');
};

Now try starting your server again go to your domain in the browser and you should see the SSL certificate applied correctly!

Feel free to reach out to me with questions and suggestions!

2 Replies to “How to add Comodo PositiveSSL Certificate to a Node/Express server”

Leave a Reply

Your email address will not be published. Required fields are marked *