Running your web server without SSL can create the impression that your content is not secure. Chrome shows a nasty “Not Secure” note next to your domain. It sucks.

But it only takes 30 minutes of your time to start serving via HTTPs on a Node/Express server. Just follow the instructions in this SSL tutorial.

SSL Connections via HTTPS Protocol

**SSL **encrypts outgoing and incoming data between client and server. This helps provide increased security for data such as_ credit card numbers_, emails and passwords. With HTTP protocol, the data is sent as-is. (Perhaps, it may have been compressed, but not really encrypted by an encryption algorithm.)

This is important because unless you implement SSL the data sent to the server is not secure. Also Chrome and other browsers will display “Not Secure” message next to your domain name which might prevent users from buying your products.

Luckily for us Node already has a module called https:

// Import the https module
let https = require("https");

// Choose port based on whether we're on
// loaclhost or production server
const port = process.env.node_env === 'production' ? 443 : 3000;
// Link to generated certificate files
// (replace example.com with your own domain name)
// (see how to generate them later in this tutorial)
const key = `/etc/letsencrypt/live/example.com/privkey.pem`;
const cert = `/etc/letsencrypt/live/example.com/fullchain.pem`;
const options = {
    key: fs.readFileSync(key),
    cert: fs.readFileSync(cert)
};
https.createServer(options, function(request, response) {

    /* Your SSL server is running */

    /* Of course here... you would write your API implementation */

}).listen(port);

#javascript #security #ssl-certificate #web-development #ssl