[node.js] Node.js https pem error: routines:PEM_read_bio:no start line

I am messing with login form right now with node.js, I tried creating a pem key and csr using

openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem

However I been getting errors for running node server.js

Here is my server.js

var http = require('http'),
    express = require('express'),
UserServer = require('./lib/user-server');

var https = require('https');
var fs = require('fs');

var options = {
  key: fs.readFileSync('./key.pem', 'utf8'),
  cert: fs.readFileSync('./csr.pem', 'utf8')
};

var app = express();

app.configure(function(){
  app.use(express.bodyParser());
  app.use(app.router);
  app.use(express.static(__dirname + '/public'));
});

var httpserver = http.createServer(app).listen('3004', '127.0.0.1');
var https_server = https.createServer(options, app).listen('3005', '127.0.0.1');
UserServer.listen(https_server);

Here is the error

crypto.js:104
  if (options.cert) c.context.setCert(options.cert);
                          ^
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
    at Object.exports.createCredentials (crypto.js:104:31)
    at Server (tls.js:1107:28)
    at new Server (https.js:35:14)
    at Object.exports.createServer (https.js:54:10)

I tried running

openssl x509 -text -inform DER -in key.pem

It gives

unable to load certificate
140735208206812:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140735208206812:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509

I am not exactly sure what does the error mean as my encryption file is .pem file already, so any help would be much appreciated.

Thanks

I guess this is because your nodejs cert has expired. Type this line :
npm set registry http://registry.npmjs.org/
and after that try again with npm install . This actually solved my problem.

I faced with the problem like this.

The problem was that I added the public key without '-----BEGIN PUBLIC KEY-----' at the beginning and without '-----END PUBLIC KEY-----'.

So it causes the error.

Initially, my public key was like this:

-----BEGIN PUBLIC KEY-----
WnsbGUXbb0GbJSCwCBAhrzT0s2KMRyqqS7QBiIG7t3H2Qtmde6UoUIcTTPJgv71
......
oNLcaK2wKKyRdcROK7ZTSCSMsJpAFOY
-----END PUBLIC KEY-----

But I used just this part:

WnsbGUXb+b0GbJSCwCBAhrzT0s2KMRyqqS7QBiIG7t3H2Qtmde6UoUIcTTPJgv71
......
oNLcaK2w+KKyRdcROK7ZTSCSMsJpAFOY

Generate the private key and server certificate with specific expiry date or with infinite(XXX) expiry time and self sign it.

$ openssl req -x509 -sha256 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX

$ Enter a private key passphrase...`

Then it will work!

Corrupted cert and/or key files

For me it was just corrupted files. I copied the contents from GitHub PullRequest webpage and I guess I added an extra space somewhere or whatever... once I grabbed the raw thing and replaced the file, it worked.

For me the issues was I had the key and cert swapped.

var options = {
   key: fs.readFileSync('/etc/letsencrypt/live/mysite.com/privkey.pem'),
   cert: fs.readFileSync('/etc/letsencrypt/live/mysite.com/fullchain.pem'),
   ca: fs.readFileSync('/etc/letsencrypt/live/mysite.com/chain.pem')
};

EDIT

More Complete Example (Maybe not completely functional)

Server.js

    var fs = require('fs');

    var sessionKey = 'ai_session:';
    var memcachedAuth = require('memcached-auth');

    var clients = {};
    var users = {};

    var options = {
      key: fs.readFileSync('/etc/letsencrypt/live/somesite.com/privkey.pem'),
      cert: fs.readFileSync('/etc/letsencrypt/live/somesite.com/fullchain.pem'),
      ca: fs.readFileSync('/etc/letsencrypt/live/somesite.com/chain.pem')
    };

    var origins = 'https://www.somesite.com:*';
    var https = require('https').createServer(options,function(req,res){

        // Set CORS headers
        res.setHeader('Access-Control-Allow-Origin', origins);
        res.setHeader('Access-Control-Request-Method', '*');
        res.setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');
        res.setHeader('Access-Control-Allow-Headers', '*');

    });

    var io = require('socket.io')(https);
    https.listen(3000);

    io.sockets.on('connection', function(socket){

      socket.on('auth', function(data){

          var session_id = sessionKey+data.token;
          memcachedAuth.is_logged_in(session_id).then( (response) => {

          if(response.is_logged_in){

              // user is logged in
              socket.emit('is_logged_in', true);

              messenger.addUser(socket); 

              // dynamic room
              socket.on('room', function(room){
             socket.join(room);
             console.log('joing room '+room);
              });

              socket.on('message', function(data){
              messenger.receive(data.message_data);                 
              });
          }else{
              // Not logged in
              socket.emit('is_logged_in', false);
          }
          }).catch( (error) => {
          console.log(error);
          });

      });


    });


    var messenger = {
        socket: (socket)=>{
          return socket;  
        },
        subscribe: (room)=>{

        },
        unsubscribe: (room)=>{

        },
        send: (data)=>{

        },
        receive: (data)=>{
        console.log(data);
          //connected
          if (clients[data.user_name]){
            console.log('user');
          }    
        },
        addUser: (socket)=>{
        socket.on('add-user', function(data){
            clients[data] = {
              "socket": socket.id
            };
            console.log('Adding User:' + data);
            console.log(clients);
        });          
        },
        private: (socket)=>{
        // Not working yet...
        socket.on('message', function(data){

            console.log("Sending: " + data + " to " + data.user_name);

            if (clients[data.user_name]){
              io.sockets.connected[clients[data.user_name].socket].emit("response", data);
            } else {
              console.log("User does not exist: " + data.user_name); 
            }
        });           
        },
        disconnect:()=>{
        //Removing the socket on disconnect
        socket.on('disconnect', function() {
         for(var name in clients) {
           if(clients[name].socket === socket.id) {
             delete clients[name];
             break;
           }
         }  
        });         
        }
    }

I have created a repo on github including a more complete version of the above code if anyone is interested: https://github.com/snowballrandom/Memcached-Auth

You are probably using the wrong certificate file, what you need to do is generate a self signed certificate which can be done as follows

openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem
openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out server.crt

then use the server.crt

   var options = {
      key: fs.readFileSync('./key.pem', 'utf8'),
      cert: fs.readFileSync('./server.crt', 'utf8')
   };

If you are using windows, you should make sure that the certificate file csr.pem and key.pem don't have unix-style line endings. Openssl will generate the key files with unix style line endings. You can convert these files to dos format using a utility like unix2dos or a text editor like notepad++

If you log the

var options = {
  key: fs.readFileSync('./key.pem', 'utf8'),
  cert: fs.readFileSync('./csr.pem', 'utf8')
};

You might notice there are invalid characters due to improper encoding.

For me, the solution was to replace \\n (getting formatted into the key in a weird way) in place of \n

Replace your key: <private or public key> with key: (<private or public key>).replace(new RegExp("\\\\n", "\g"), "\n")

I removed this error by write the following code

Open Terminal

1. openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem

2. openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out server.crt

Now use the server.crt and key.pem file

app.js or server.js file

var https = require('https');
var https_options = {
  key: fs.readFileSync('key.pem', 'utf8'),
  cert: fs.readFileSync('server.crt', 'utf8')
};

var server = https.createServer(https_options, app).listen(PORT);
console.log('HTTPS Server listening on %s:%s', HOST, PORT);

It works but the certificate is not trusted. You can view the image in image file.

For me, after trying all above solutions it ended up being a problem related to encoding. Concisely, my key was encoded using 'UTF-8 with BOM'. It should be UTF-8 instead.

To fix it, at least using VS Code follow this steps:

1. Open the file and click on the encoding button at the status bar (at the bottom) and select 'Save with encoding'.
2. Select UTF-8.
3. Then try using the certificate again.

I suppose you can use other editors that support saving with the proper encoding.

Source: error:0906d06c:pem routines:pem_read_bio:no start line, when importing godaddy SSL certificate

P.D I did not need to set the encoding to utf-8 option when loading the file using the fs.readFileSync function.

Hope this helps somebody!

I actually just had this same error message.

The problem was I had key and cert files swapped in the configuration object.

Was facing the same problem In my case I changed the option parameter of cert to pfx & removed utf8 encoding.

before:

var options = {
    hostname : 'localhost',
    path : '/',
    method : 'POST',
    cert: fs.readFileSync(testCert, 'utf8'),
    passphrase:passphrase,
    agent:false,
    rejectUnauthorized:false
};

after:

var options = {
    hostname : 'localhost',
    path : '/',
    method : 'POST',
    pfx: fs.readFileSync(testCert),
    passphrase:passphrase,
    agent:false,
    rejectUnauthorized:false
};