HomeHome AutomationHow to add SSL certification to NodeRED

How to add SSL certification to NodeRED

All information in one place!

I’m playing with Alexa and Amazon AWS services. Frankly speaking, to get anything to work there is always something else that you need to do. Each time I spend more than an hour trying to figure something out I think it’s worth to write about in such way that will cut this time short to an absolute minimum.  This is how to add SSL certification to NodeRED. The quick way.

Adding SSL certification to NodeRED

Why it matters? Security. A lot of what I do works only on the local network, therefore, (as bad as it sounds) for the sake of easy prototyping, I’m keeping the security features to the minimum.  Playing with Alexa and Amazon AWS forced me to add the SSL certification to NodeRED server.

It will increase your security, but it will also change the way you do other things.

SSL certificates

The proper SSL certification will cost you money, but there is a free way.  As we all know, free comes with disadvantages  so:

  • certification is valid for X days (auto certification can be setup)
  • requires adding a certificate to each computer or going through a security alert
  • changes the way HTTP requests have to be done
  • changes the URL of your NodeRED

With that in mind, I have no choice if I want to write a skill for Alexa.

To add SSL certification to NodeRED, SSH into the Raspberry Pi and generate the keys:

openssl genrsa -out privatekey.pem 1024
openssl req -new -key privatekey.pem -out private-csr.pem

You will be asked to enter some details in the second step. Pay attention to Common Name field. This should be your NodeRED IP or a domain (external IP without the port or DNS if you use one).

openssl x509 -req -days 365 -in private-csr.pem -signkey privatekey.pem -out certificate.pem

Now you have 2 files generated in a root directory (unless you run the commands in another directory). The files are:

  • privatekey.pem
  • certificate.pem

Move it to another location, I stored mine in .node-red folder. It’s time to enable SSL certification and add a password to your server.

NodeRED security

Locate the .node-red folder on your Raspberry Pi. Mine was in:

home/pi/.node-red

Inside the folder, you should have the created before certification files and a settings.js config file. Open the config file and uncomment this section as below:

// The `https` setting requires the `fs` module. Uncomment the following
// to make it available:
var fs = require("fs");

Scroll down and uncomment few more lines. Please make sure that brackets are uncommented as well. You will see that you have to enter the path to the certification files created before. Make sure the path is correct.

// The following property can be used to enable HTTPS
// See https://nodejs.org/api/https.html#https_https_createserver_options_requestlistener
// for details on its contents.
// See the comment at the top of this file on how to load the `fs` module used by
// this setting.
//
https: {
   key: fs.readFileSync('/home/pi/.node-red/privatekey.pem'),
   cert: fs.readFileSync('/home/pi/.node-red/certificate.pem')
},

Now you have the SSL certification to NoderRED server. It’s time to set a password. Uncomment the following:

// Securing Node-RED
// -----------------
// To password protect the Node-RED editor and admin API, the following
// property can be used. See https://nodered.org/docs/security.html for details.
adminAuth: {
	type: "credentials",
	users: [{
		username: "admin",
		password: "$2a$08_you_wont_know_my_password_pjze9c3m",
		permissions: "*"
	}]
},

Password settings are in the same file so don’t close it yet. The default access to is set to:

user= admin
psw=password

In the file, however, the password will be hashed. You can play about and hash your password inside the raspberry, but I used an online hash generator. Create a hash, then paste it inside the settings.js file.

You are almost ready to test this out. Restart the NodeRED:

node-red-stop
node-red-start

Once the server is up and running, and there were no errors from misplaced certificates, test it out. To access your server this time  you have to go to (remember HTTPS bit):

https://your_domain.com:1880

You should be greeted with a certificate warning. We will fix this in a second. Click advanced and proceed to an unsafe website. The NodeRED server will load the login page. Enter your details to access your user interface.

Adding SSL certificate to Chrome (or other browsers)

At some point, you will get annoyed by the prompt, so if you spend a few more minutes, you can add the SSL certificate to your browser.

Open the certification.pem file and copy the content to a text file on your computer.Save it using the same name. Then:

  1. Open Chrome settings page chrome://settings
  2. Search for “certificates”
  3. Select the certificate.pem you copied from your Raspberry Pi

You are ready to roll a new server with the SSL certificate to NodeRED. I should also mention that from now on https:// has to be added to all HTTP request, and that certificate must be trusted otherwise your web requests will fail.

PayPal

Nothing says "Thank you" better than keeping my coffee jar topped up!

Patreon

Support me on Patreon and get an early access to tutorial files and videos.

image/svg+xml

Bitcoin (BTC)

Use this QR to keep me caffeinated with BTC: 1FwFqqh71mUTENcRe9q4s9AWFgoc8BA9ZU

Smart Ideas with

Automate your space in with these ecosystems and integrate it with other automation services

client-image
client-image
client-image
client-image
client-image
client-image
client-image
client-image
client-image

Learn NodeRED

NodeRED for beginners: 1. Why do you need a NodeRED server?

0
To server or not to server? That's a very silly question!

Best Automation Projects

Tuya SDK for beginners: Intro to Tuya Cloud API

0
Working with Tuya Cloud API. A guide to Cloud automation for beginners, get started with REST!

NEST your old thermostat under $5

0
Nest-ing up your older thermostat under $5

Nora – Google Assistant in NodeRED

0
Integrate Google Assistant with NodeRED thanks to Nora - NodeRED home automation

DIY Smart Washing Machine – for about 15 bucks!

0
Learn how to add washing machine notifications to your Google Home on the cheap

Sonoff Zigbee Bridge – review

0
Sonoff line up will soon include Sonoff Zigbee Bridge and more Zigbee sensors - here is the first look

Smart Home

We’ve seen this before: SwitchBot K10+ PRO

0
This is an odd one. Building on the success of SwitchBot K10+ they released SwitchBot K10+ PRO - but is the experience actually better?

Is this the smart panel we have waited for?

0
ITEAD has released a new smart panel: Sonoff NSPanel Pro 120 - have they learned the lesson from the terrible launch of the original Pro? Let's see what's new.

Aqara FP1E detects motionless humans

0
This isn't exactly a new device, it's an interaction of the original Aqara presence sensor. Aqara FP1E brings Matter, ZigBee and new triggers to your smart home

SwitchBot S10: cleaning re-imagined!

0
SwitchBot S10 promises unattended vacuuming and mopping so you can focus on things you love and care for. Does it deliver?

Sonoff for households and gardens

0
ITEAD released two ZigBee devices to manage water in your household and gardens. Now you can monitor the flow and dispense water with Sonoff SWV and prevent water damage using the Sonoff Water Leak sensor with a twist.