Running node-red-start after trying to create HTTPS "Error 140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small"

10,279

The problem is that the latest versions of OpenSSL now consider keys with a bit length of 1024 to be insecure.

Re-generate the private key with a size of 2048 and then recreate the certificate.

openssl genrsa -out privatekey.pem 2048
Author by

Simon Palmer

Updated on June 13, 2022

Comments

  • Simon Palmer
    Simon Palmer almost 2 years

    Hi everybody I have been setting up remote access to node-red for my raspberry Pi. I have amended the settings.js and installed node-red-admin but when I go to start node-red I get the following error:

    Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
    at Object.createSecureContext (_tls_common.js:131:17)
    at Server.setSecureContext (_tls_wrap.js:1152:27)
    at Server (_tls_wrap.js:1030:8)
    at new Server (https.js:65:14)
    at Object.createServer (https.js:89:10)
    at Object.<anonymous> (/usr/lib/node_modules/node-red/red.js:141:20)
    at Module._compile (internal/modules/cjs/loader.js:945:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:962:10)
    at Module.load (internal/modules/cjs/loader.js:798:32)
    at Function.Module._load (internal/modules/cjs/loader.js:711:12) {
    library: 'SSL routines',
      function: 'SSL_CTX_use_certificate',
      reason: 'ee key too small',
      code: 'ERR_SSL_EE_KEY_TOO_SMALL'
    }
    nodered.service: Main process exited, code=exited, status=1/FAILURE
    nodered.service: Failed with result 'exit-code'.
    nodered.service: Service RestartSec=100ms expired, scheduling restart.
    nodered.service: Scheduled restart job, restart counter is at 1.
    Stopped Node-RED graphical event wiring tool.
    Started Node-RED graphical event wiring tool.
    _tls_common.js:131
      c.context.setCert(cert);
    

    This happened after I successfully created privatekey.pem and certificate.pem. To create these files I used:

    openssl genrsa -out privatekey.pem 1024
    

    then used

    openssl req -new -key privatekey.pem -out private-csr.pem
    

    after which I put in relevant info and then received verification "signature is ok" with

    openssl x509 -req -days 365 -in private-csr.pem -signkey privatekey.pem -out certificate.pem
    

    As the above returned privatekey.pem and certificate.pem files under ls -la I moved on to uncommenting the following:

    // The `https` setting requires the `fs` module. Uncomment the following
    // to make it available:
    var fs = require("fs");
    module.exports = {
        // the tcp port that the Node-RED web server is listening on
        uiPort: process.env.PORT || 1880,
    

    and also

    adminAuth: {
        type: "credentials",
        users: [
            {
                username: "admin",
                password: "$2a$08$9Miva2AQEFlXQ3S7emXlIuLkLzNzi9yzgqxGYMY5dzK4FzNQa7dCu",
                permissions: "*"
            }
        ]
    },
    

    with loading fs module

    https: {
        key: fs.readFileSync('/home/pi/.node-red/privatekey.pem'),
        cert: fs.readFileSync('/home/pi/.node-red/certificate.pem')
    },
    

    After doing this configuration I get the error message stated at the beginning. Update: I did delete the contents of .node-red/settings.js and replaced with https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js and node-red starts! woohoo! However when I try to reconfigure the settings.js file again it runs into the same error.. FYI I am carefully uncommenting lines however could the problem reside in the hash-pw I receive from node-red-admin? Because when I try to install node-red-admin with "npm install -g node-red-admin" after logging in as root via "su" it comes up with the following:

    pi@padrejuan:~ $ su
    Password: 
    root@padrejuan:/home/pi# npm install -g node-red-admin
    /usr/local/bin/node-red-admin -> /usr/local/lib/node_modules/node-red-admin/node-red-admin.js
    
    > [email protected] install /usr/local/lib/node_modules/node-red-admin/node_modules/bcrypt
    > node-pre-gyp install --fallback-to-build
    
    node-pre-gyp WARN Using request for node-pre-gyp https download 
    node-pre-gyp WARN Pre-built binaries not installable for [email protected] and [email protected] (node-v72 ABI, glibc) (falling back to source compile with node-gyp) 
    node-pre-gyp WARN Hit error EACCES: permission denied, mkdir '/usr/local/lib/node_modules/node-red-admin/node_modules/bcrypt/lib' 
    gyp WARN EACCES user "nobody" does not have permission to access the dev dir "/root/.cache/node-gyp/12.11.1"
    gyp WARN EACCES attempting to reinstall using temporary dev dir "/usr/local/lib/node_modules/node-red-admin/node_modules/bcrypt/.node-gyp"
    gyp WARN install got an error, rolling back install
    gyp WARN install got an error, rolling back install
    gyp ERR! configure error
    

    and so on.

    Any help would be greatly appreciated