Hands-On TLS: Inspect Certificates, Verify PFS, and Build a Local HTTPS Server
Published: (December 22, 2025 at 11:00 PM EST)
1 min read
Source: Dev.to
Source: Dev.to
TL;DR
Run three quick checks:
- Browser certificate
openssl s_client- DevTools mixed‑content scan
Use the Node.js example to experiment locally.
Look for:
- TLS 1.2 / TLS 1.3
- AEAD ciphers
- ECDHE for Perfect Forward Secrecy (PFS)
Minimal HTTPS Server (Node.js)
Save this as server.js. You’ll need key.pem and cert.pem (self‑signed is fine for local testing).
// server.js
const https = require('https');
const fs = require('fs');
const options = {
key: fs.readFileSync('key.pem'),
cert: fs.readFileSync('cert.pem')
};
https.createServer(options, (req, res) => {
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('secure chat placeholder\n');
}).listen(8443, () => {
console.log('Listening on https://localhost:8443');
});Create a Local Certificate (Testing Only)
openssl req -x509 -newkey rsa:2048 -nodes \
-keyout key.pem \
-out cert.pem \
-days 365 \
-subj "/C=IN/ST=State/L=City/O=Org/CN=localhost"Hit It
node server.js
curl -vkI https://localhost:8443 --insecureInspect a Production Certificate (OpenSSL)
openssl s_client -connect example.com:443 -servername example.com