Welcome to Part 2 of this article. To understand this correctly, you can first go through part 1 here.
Let’s bring it all together by creating our own SSL certificate with node-forge and setting it up for local testing. This will give you hands-on experience with SSL configuration, which is used in web security.

Prerequisites
Before we begin, ensure you have:
Node.js installed on your system
Basic understanding of SSL concepts (covered in Part 1)
A code editor of your choice
Step 1: Setting Up Node.js and Installing node-forge
Before we start, ensure that Node.js is installed. Then, add node-forge to your project. This will let us generate cryptographic elements like keys and certificates. You can read more about node-forge here.
Step 2: Generating an SSL Certificate with node-forge
The following code will create a self-signed SSL certificate sufficient for local testing. A self-signed certificate is signed by the certificate’s private key rather than a trusted certificate authority.
Code Explanation
Generate Keys: Generate public and private keys.
Create a Self-Signed Certificate: Fill in basic certificate information, such as the common name (usually your domain name or localhost for testing).
Set the Certificate Validity: Define the certificate’s expiration date.
Sign the Certificate: Use the private key to finalise the certificate.
Certificate Generation Code
Make a file named index.js and then write this code on that.
let forge = require('node-forge');
const {generateKeyPairSync} = require('crypto');
const { type } = require('os');
const { format } = require('path');
const fs = require('fs');
const {publicKey , privateKey} = generateKeyPairSync('rsa' , {
modulusLength: 2048,
publicKeyEncoding: { type : 'spki' , format: 'pem'},
privateKeyEncoding: { type: 'pkcs8' , format: 'pem'},
});
const csr = forge.pki.createCertificationRequest();
csr.publicKey = forge.pki.publicKeyFromPem(publicKey);
csr.setSubject([{
name : 'commonName',
value :'localhost'
},{
name : 'countryName',
value :'India'
},{
name : 'organizationName',
value :'Vansh pvt ltd'
},]);
csr.sign(forge.pki.privateKeyFromPem(privateKey));
const pem = forge.pki.certificationRequestToPem(csr);
const cert = forge.pki.createCertificate();
cert.publicKey = csr.publicKey;
cert.serialNumber = '01';
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
cert.sign(forge.pki.privateKeyFromPem(privateKey));
const pemCert = forge.pki.certificateToPem(cert)
console.log("certificate" , pemCert)
fs.writeFileSync('certificate.pem', pemCert);
fs.writeFileSync('privateKey.pem', privateKey);
You can get all this code here. (GitRepo Attached)
Run this Using
node index.js
Explanation of Code Sections:
Attributes: commonName should be set to localhost or the desired testing domain.
Validity Period: The notBefore and notAfter properties set the duration for which the certificate is valid.
Self-signing: Since this is a self-signed certificate, the setIssuer fields match the setSubject fields.
After running this script, you’ll see two files created:
certificate.pem: The self-signed certificate.
privateKey.pem: The corresponding private key.
Step 3: Testing the SSL Certificate on Localhost
To test our SSL certificate locally, we’ll use a basic HTTPS server with Node.js.
Here we are using HTTPS, not HTTP because it is now secured as we used an SSL certificate.
Create an HTTPS server:
const https = require('https');
const fs = require('fs');
// Load the self-signed certificate and private key
const options = {
key: fs.readFileSync('privateKey.pem'),
cert: fs.readFileSync('certificate.pem')
};
// Create an HTTPS server using the certificate and private key
https.createServer(options, (req, res) => {
res.writeHead(200);
res.end('Hello, this is a secure server!\n');
}).listen(8443, () => {
console.log('HTTPS Server running at https://localhost:8443');
});
Run this Server
node server.js
Access the Server
Open a browser and visit https://localhost:8443.
You may see a security warning since a trusted certificate authority doesn't sign this certificate, which is typical for self-signed certificates.
You will get a warning like this :

Security Warning Explanation
Since the certificate is self-signed, your browser will warn you that a CA doesn’t trust it. In a real-world scenario, certificates from trusted authorities prevent this warning.
Some Trusted Authorities are :
Cloudflare
zeroSSL
Namecheap
And many more…
SSL Certificate Breakdown
Common Name (CN): Identifies the certificate’s domain, typically set to localhost for local testing.
Expiration: The certificate is valid for one year from its creation.
Self-Signing: The certificate is signed by its private key, establishing it as self-signed.
We can check this information by clicking on the Certificate details. You can check everything there, including the Version, serial number, etc.
You can get all this code on GitHub Repo here.
Conclusion
By following these steps, you’ve successfully created and tested a locally self-signed SSL certificate! This provides insight into how certificates secure connections and how to implement SSL for personal projects or development.
In this guide, we’ve covered:
Now, you’re equipped with the essentials of SSL. Remember to obtain a certificate from a trusted CA for secure, publicly trusted connections for production projects.
Thanks For Reading!! Don’t Forget to Like and Share; you can comment on your doubts.
Comments