Errors using Angular-CLI locally with --ssl true

[glangdonvt]

Please provide us with the following information:

1. OS? Windows 7, 8 or 10. Linux (which distribution). Mac OSX (Yosemite? El Capitan?)

Windows 10 Enterprise

1. Versions.
   angular-cli: 1.0.0-beta.10
   node: 6.2.2
   os: win32 x64
2. Repro steps. Was this an app that wasn't created using the CLI? What change did you
   do on your code? etc.

I created keys using makecert.exe and openssl to create the .key and .crt files.
I successfully set up a node server.js file to use those keys to serve an https web site. To set things in up node, I needed to add a 'passphrase' parameter like so:

var app = express();
var options = {
key: fs.readFileSync(__dirname + "\ssl\server.pem"),
cert: fs.readFileSync(__dirname + "\ssl\server.crt"),
passphrase: "mypassphrase"
};
https.createServer(options, app).listen(4001, function () {
console.log('Https server running on 4001...');
});

But when I use the same keys in ng server --ssl true, I get this error:

Error: error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read

I get the error whether I use the .pem file or the .key file, and there's no 'passphrase' parameter.

1. Stack Trace
   at Error (native)
   at Object.createSecureContext (_tls_common.js:88:19)
   at Server (tls_wrap.js:749:25)
   at new Server (https.js:26:14)
   at Object.exports.createServer (https.js:47:10)
   at Server.configure (D:\georg\Documents\Visual Studio 2015\Projects\RCxAuth\RCX_AUTH\node_modules\angular-cli
   \node_modules\tiny-lr\lib\server.js:49:27)
   at new Server (D:\georg\Documents\Visual Studio 2015\Projects\RCxAuth\RCX_AUTH\node_modules\angular-cli\node
   modules\tiny-lr\lib\server.js:36:8)
   at createServer (D:\georg\Documents\Visual Studio 2015\Projects\RCxAuth\RCX_AUTH\node_modules\angular-cli\nod
   e_modules\angular-cli\lib\tasks\server\livereload-server.js:19:14)
   at Class.module.exports.Task.extend.liveReloadServer (D:\georg\Documents\Visual Studio 2015\Projects\RCxAuth
   RCX_AUTH\node_modules\angular-cli\node_modules\angular-cli\lib\tasks\server\livereload-server.js:41:30)
   at Class.module.exports.Task.extend.listen (D:\georg\Documents\Visual Studio 2015\Projects\RCxAuth\RCX_AUTH\n
   ode_modules\angular-cli\node_modules\angular-cli\lib\tasks\server\livereload-server.js:46:23)
   at Class.module.exports.Task.extend.start (D:\georg\Documents\Visual Studio 2015\Projects\RCxAuth\RCX_AUTH\no
   de_modules\angular-cli\node_modules\angular-cli\lib\tasks\server\livereload-server.js:89:17)
   at Class.module.exports.Task.extend.run (D:\georg\Documents\Visual Studio 2015\Projects\RCxAuth\RCX_AUTH\node
   _modules\angular-cli\node_modules\angular-cli\lib\tasks\serve.js:56:24)
   at D:\georg\Documents\Visual Studio 2015\Projects\RCxAuth\RCX_AUTH\node_modules\angular-cli\node_modules\angu
   lar-cli\lib\commands\serve.js:64:24
   at lib$rsvp$$internal$$tryCatch (D:\georg\Documents\Visual Studio 2015\Projects\RCxAuth\RCX_AUTH\node_modules
   \angular-cli\node_modules\rsvp\dist\rsvp.js:1036:16)
   at lib$rsvp$$internal$$invokeCallback (D:\georg\Documents\Visual Studio 2015\Projects\RCxAuth\RCX_AUTH\node_m
   odules\angular-cli\node_modules\rsvp\dist\rsvp.js:1048:17)
   at lib$rsvp$$internal$$publish (D:\georg\Documents\Visual Studio 2015\Projects\RCxAuth\RCX_AUTH\node_modules
   angular-cli\node_modules\rsvp\dist\rsvp.js:1019:11)
2. The log given by the failure. Normally this include a stack trace and some
   more information.
3. Mention any other details that might be useful.

---

Thanks! We'll be in touch soon.

[filipesilva]

@TheLarkInn do we have ssl support on the webpack branch?

[TheLarkInn]

I believe dev server has SSL support but we may not have it hooked up.

[munsellj]

See also related #1874

[pauljlucas]

Because this issue is the easiest found when searching google im putting a temporary solution here until these prs are merged:

Go into node_modules/angular-cli/tasks/serve-webpack.js and add to the variable webpackDevServerConfiguration the following lines:

        cert: fs.readFileSync(process.cwd()+ '/ssl/server.crt', 'utf8'),
        key: fs.readFileSync(process.cwd()+ '/ssl/server.key', 'utf8'),
        https: true

The ssl folder in this example are at the head of my repo that are initialized with angular cli (the same level as src and node_modules). Any update to angular-cli or node module reinstall until this is fixed will wipe out these changes.

Also, i would add that this should be a higher priority seeing as there is already a fix ready and now that angular is released more people will be getting started and everyone should be developing with https with things like lets encrypt in the market.

[vdclouis]

any update on this @TheLarkInn ?
this would be really useful :)

[xmeng1]

After reviewing this PR #2792, I think it still not supports the passphrase for the key. Do we need and a new parameter for the passphrase and use it when reading the key? Or is there any other solution for it?

let sslPassphrase: string = null;
const keyPath = path.resolve(this.project.root, commandOptions.sslKey);
//read with the passphrase if the parameter is existing.       
if (fs.existsSync(keyPath)) {
        sslKey = fs.readFileSync(keyPath, 'utf-8');
     }

[igorjos]

I believe that passphrase should be optional argument to ng serve e.g ssl-passphrase , openrsa requires passphrase to generate the crt/key keys.

I have this same issue because of the passphrase and can't test the service worker properly on dev environment,.

[angular-automatic-lock-bot]

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}