

How to setup a secure private web server with node.js using SSL authorization - ExxKA
https://gist.github.com/ExxKA/5169211

======
yebyen
Good article! I had not considered requiring clients to have certificates, but
it seems that would be a prerequisite to having a private HTTPs/SSL enabled
server.

I read this and did not understand:

When you use the rogue certificate and rejectUnauthorized == false, you should
see a TLS error being printed on the console, remeber to set
rejectUnauthorized == true, to protect the web server.

Are you talking about if(!cleartextStream.authorized) part?

~~~
ExxKA
And thank you :)

~~~
yebyen
Sure! I would imagine the unsecured part would be useful for distributing
certs to new users or allowing them to sign up and request a certificate, in
the first place.

I have been missing a way that OpenVPN certs, configs, and instructions could
be distributed to users without obscuring their general usefulness as SSL
certs. Thanks!

------
ExxKA
Please let me know if you have any questions

