HTTPS

HTTPS is a "secure" version of HTTP. It uses SSL or TLS to encrypt the contents of HTTP. Traditionally it has been used for banking and other more sensitive content, now it's use is widespread.

Normally to serve pages with HTTPS you need to get certificate that verifies your identity from a Certificate Authority.

At ITP we purchased a "wildcard" certificate which can be used on any server that uses the itp.io domain. We'll need to create a NET-ID.itp.io DNS entry for each of you. This means that if you install and use our certificate (which I'll email) correctly, you can serve your pages via https://NET-ID.itp.io without hassle.

Down the road, you might want to checkout Let's Encrypt, a new service which provides free certificates. Using Let's Encrypt with Express

More about Public Key Cryptography: Public Key Cryptography: Diffie-Hellman Key Exchange

Using HTTPS with Express

Fortunately, node has a drop in replacement for the "http" library called "https". Here is a basic Express example:

var https = require('https');
var fs = require('fs'); // Using the filesystem module

var credentials = {
  key: fs.readFileSync('my-key.pem'),
  cert: fs.readFileSync('my-cert.pem')
};

// Start Normal Express Code
var express = require('express');
var app = express();

app.get('/', function(req, res) {
	res.send("Hello World!");
});
/////

var httpsServer = https.createServer(credentials, app);

// Default HTTPS Port
httpsServer.listen(443);