{"id":78,"date":"2026-03-12T17:26:52","date_gmt":"2026-03-12T17:26:52","guid":{"rendered":"http:\/\/certsimple.com\/certsimplefast-painless-ev-ssl\/"},"modified":"2026-03-12T17:26:52","modified_gmt":"2026-03-12T17:26:52","slug":"certsimplefast-painless-ev-ssl","status":"publish","type":"page","link":"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl","title":{"rendered":"CertSimple\n\t\tFast painless EV SSL"},"content":{"rendered":"<p><script src=\"https:\/\/certsimple.com\/files\/js\/blog\/dist\/index.js\"><\/script><br \/>\n<a class=\"mobile-logo\" href=\"https:\/\/certsimple.com\"><\/p>\n<h1>\n\t\t<img decoding=\"async\" src=\"https:\/\/certsimple.com\/files\/images\/blog\/logo.svg\"\/>CertSimple<br \/>\n\t\t<small>Fast painless EV SSL<\/small><br \/>\n\t<\/h1>\n<p><\/a><\/p>\n<nav class=\"article-nav\">\n\t<a class=\"logo\" href=\"https:\/\/certsimple.com\"><\/p>\n<h1>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/certsimple.com\/files\/images\/blog\/logo.svg\"\/>CertSimple<br \/>\n\t\t\t<small>Fast painless EV SSL<\/small><br \/>\n\t\t<\/h1>\n<p>\t<\/a><br \/>\n\t<a href=\"https:\/\/certsimple.com\">Get a certificate<\/a><br \/>\n\t<a href=\"https:\/\/certsimple.com\/help\">Help &#038; FAQ<\/a><br \/>\n\t<a href=\"https:\/\/certsimple.com\/blog\"><strong>Blog<\/strong><\/a><br \/>\n\t<a href=\"https:\/\/certsimple.com\/about\">Why CertSimple<\/a><br \/>\n\t<a href=\"https:\/\/certsimple.com\/why-ev-ssl\">Why EV SSL<\/a><br \/>\n\t<a href=\"https:\/\/certsimple.com\/orders\">Log in<\/a><br \/>\n<\/nav>\n<div class=\"blog-title a-plus-node-js-ssl\">\n<header>\n<h2>How to get A+ on the SSL Labs test in node.js<\/h2>\n<p>\t\t<img decoding=\"async\" class=\"avatar\" src=\"https:\/\/certsimple.com\/files\/images\/blog\/mike.jpg\"\/><\/p>\n<p class=\"date\">By Mike on 24th March 2015<\/p>\n<\/header>\n<\/div>\n<div class=\"blog\">\n<p class=\"35abpmkrc7reoxkzb\"><strong>Update May 18 2015:<\/strong> <a href=\"https:\/\/github.com\/nodejs\/node\/commit\/5755fc099f883293530406c423bda47414834057\">CertSimple has added newer, even better ciphers into node.js itself<\/a>, which appears in node 4. If you&#39;re using node 0.12, grab the <a href=\"https:\/\/github.com\/nodejs\/node\/blob\/master\/lib\/tls.js\">cipher list from the latest node source<\/a> which contains our changes, then add HSTS support per this article.<\/p>\n<h2 id=\"the-ssl-labs-test\">The SSL Labs test<\/h2>\n<p class=\"35abpmkrc7reoxkzb\">The <a href=\"https:\/\/www.ssllabs.com\/ssltest\/analyze.html\">SSL Labs test<\/a> examines a wide variety of aspects of HTTP servers, including simulating the handshakes where browsers and servers agree on crypto. It&#39;s a good starting point for checking your SSL configuration.<\/p>\n<p class=\"35abpmkrc7reoxkzb\">The test evolves over time &#8211; as new weaknesses get found in protocols, new technologies emerge that get added to requirements &#8211; so while the results here are accurate at publication, they might not be by the time you&#39;re reading this. Run your own tests and see.<\/p>\n<p class=\"35abpmkrc7reoxkzb\">Lastly: we&#39;re running this on node.js because a couple of the modules we use don&#39;t yet run on io.js. As you&#39;re about to see, io.js is a lot better out of the box than node 0.12 is. <strong>If you&#39;re using io.js, skip forward to the HSTS steps<\/strong>.<\/p>\n<h2 id=\"introducing-cipher-suites\">Introducing cipher suites<\/h2>\n<p class=\"35abpmkrc7reoxkzb\">These are also called &#39;ciphersets&#39; by node devs or just <code>ciphers<\/code> in the actual node function signatures.<\/p>\n<p class=\"35abpmkrc7reoxkzb\">Run the current stable node, 0.12. Start a TLS server. Statistically , it&#39;s likely you&#39;re using Express, so it will look something like this:<\/p>\n<pre><code>var server = https.createServer({\n    key: privateKey,\n    cert: certificate,\n    ca: certificateAuthority\n}, app);\n<\/code><\/pre>\n<p class=\"35abpmkrc7reoxkzb\">The defaults for https.createServer() are <a href=\"https:\/\/nodejs.org\/api\/tls.html#tls_tls_ssl\">described in the node docs<\/a>. Expanding on that, you&#39;re actually running something like this.<\/p>\n<pre><code>var server = https.createServer({\n    key: privateKey,\n    cert: certificate,\n    ca: certificateAuthority,\n    ciphers: [\n        &quot;ECDHE-RSA-AES128-SHA256&quot;,\n        &quot;DHE-RSA-AES128-SHA256&quot;,\n        &quot;AES128-GCM-SHA256&quot;,\n        &quot;RC4&quot;,\n        &quot;HIGH&quot;,\n        &quot;!MD5&quot;,\n        &quot;!aNULL&quot;\n    ].join(&#39;:&#39;),\n}, app);\n<\/code><\/pre>\n<p class=\"35abpmkrc7reoxkzb\"><code>ciphers<\/code> normally takes a string because that openssl expects, but we use an array and join it because it&#39;s a little easier to read, allows us to make comments above individual lines, etc.<\/p>\n<p class=\"35abpmkrc7reoxkzb\">Items in <code>ciphers<\/code> can take a few formats, including:<\/p>\n<ul>\n<li><strong>Full cipher suites<\/strong>, like <code>AES128-GCM-SHA256<\/code>. In wider SSL terms, OpenSSLs <code>AES128-GCM-SHA256<\/code> is called <code>TLS_RSA_WITH_AES_128_GCM_SHA256<\/code>. We can <a href=\"http:\/\/www.openssl.org\/docs\/apps\/ciphers.html#CIPHER-LIST-FORMAT\">convert the OpenSSL names into &#39;standard&#39; names with the OpenSSL docs<\/a>. This means:\n<ul>\n<li>Use RSA for key exchange. This is the famous RSA, public key cryptography that you probably already know about.<\/li>\n<li>Use AES for the cipher algorithm &#8211; since public key crypto is slow, a symmetric algorithm (i.e., same password is used to encrypt and decrypt) is used to transfer the bulk of the data. That password, called a session key, was transmitted in the key exchange earlier.\n<ul>\n<li>Use 128 bit strength<\/li>\n<li>Use GCM for the cipher mode &#8211; GCM also <a href=\"https:\/\/tools.ietf.org\/html\/rfc5246\">makes sure messages haven&#39;t been tampered with<\/a><\/li>\n<li>Use SHA256 as input for the Pseudo Random Function. Note: originally we had this use of SHA256 as message authentication which wasn&#39;t correct &#8211; thanks to user &#39;masta&#39; on Hacker News.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>Wildcard entries<\/strong> like <code>HIGH<\/code> or <code>RC4<\/code> that describe multiple cipher suites (again ,see the OpenSSL docs)<\/li>\n<li><strong>Blacklists<\/strong> using !, e.g. !MD5 since MD5 isn&#39;t considered secure anymore, since you can make two messages that have the same hash and that&#39;s been been used for real attacks on the server.<\/li>\n<\/ul>\n<p class=\"35abpmkrc7reoxkzb\">Now visit the SSL Labs test and test your server.<\/p>\n<p class=\"35abpmkrc7reoxkzb\"><img decoding=\"async\" src=\"https:\/\/certsimple.com\/files\/images\/blog\/a-plus-ssl\/node-012.png\"\/><\/p>\n<blockquote>\n<p class=\"35abpmkrc7reoxkzb\">Out of the box, we&#39;ve got some work to do.<\/p>\n<\/blockquote>\n<h3 id=\"disabling-rc4-and-enforcing-our-preferred-cipher-order\">Disabling RC4 and enforcing our preferred cipher order<\/h3>\n<p class=\"35abpmkrc7reoxkzb\">OK, as SSL Labs notes, this server accepts the RC4 cipher, which is weak &#8211; there&#39;s more too, but we&#39;ll get to that later. Let&#39;s disable any cipher suite involving RC4 &#8211; using a <code>!<\/code> just like the <code>MD5<\/code> entry:<\/p>\n<p class=\"35abpmkrc7reoxkzb\">While we&#39;re at it, note this gem from the node docs:<\/p>\n<blockquote>\n<p class=\"35abpmkrc7reoxkzb\">honorCipherOrder : When choosing a cipher, use the server&#39;s preferences instead of the client preferences.<br \/>\nAlthough, this option is disabled by default, it is recommended that you use this option in conjunction with the ciphers option to mitigate BEAST attacks.<\/p>\n<\/blockquote>\n<p class=\"35abpmkrc7reoxkzb\">It&#39;s somewhat worrying that the recommended option does not match the default. Let&#39;s use the recommended option:<\/p>\n<pre><code>\/\/ default node 0.12 ciphers with RC4 disabled\nciphers: [\n    &quot;ECDHE-RSA-AES128-SHA256&quot;,\n    &quot;DHE-RSA-AES128-SHA256&quot;,\n    &quot;AES128-GCM-SHA256&quot;,\n    &quot;!RC4&quot;, \/\/ RC4 be gone\n    &quot;HIGH&quot;,\n    &quot;!MD5&quot;,\n    &quot;!aNULL&quot;\n].join(&#39;:&#39;),\nhonorCipherOrder: true\n<\/code><\/pre>\n<p class=\"35abpmkrc7reoxkzb\"><img decoding=\"async\" src=\"https:\/\/certsimple.com\/files\/images\/blog\/a-plus-ssl\/node-012-with-rc4-fixed.png\"\/><\/p>\n<blockquote>\n<p class=\"35abpmkrc7reoxkzb\">RC4 disabled, our grade is no longer capped at B. But something is broken with forward secrecy&#8230;<\/p>\n<\/blockquote>\n<h2 id=\"fixing-broken-perfect-forward-secrecy\">Fixing broken perfect forward secrecy<\/h2>\n<p class=\"35abpmkrc7reoxkzb\">Perfect forward secrecy is <em>rad<\/em>. Even if your private key is stolen, the bad guys still need to get the session key of future conversations to read anything.  That&#39;s amazing!<\/p>\n<p class=\"35abpmkrc7reoxkzb\"><img decoding=\"async\" src=\"https:\/\/certsimple.com\/files\/images\/blog\/a-plus-ssl\/forward-secrecy-is-rad.png\"\/><\/p>\n<blockquote>\n<p class=\"35abpmkrc7reoxkzb\">Since all crypto related items need cool logos now.<\/p>\n<\/blockquote>\n<p class=\"35abpmkrc7reoxkzb\">In the browser handshakes for Chrome 40 (which is already old at this point), Android 5.0.0 and Googlebot, you&#39;ll see &#39;No FS&#39; in orange on the right. It turns out that Google product really seem to like AES128-GCM-SHA256 and picks it over the forward secrecy cipher suites (they start with an E for &#39;ephemeral&#39;. This was <a href=\"https:\/\/github.com\/iojs\/io.js\/pull\/826\">found and fixed in io.js already<\/a>.<\/p>\n<p class=\"35abpmkrc7reoxkzb\"><img decoding=\"async\" src=\"https:\/\/certsimple.com\/files\/images\/blog\/a-plus-ssl\/forward-secrecy-google.png\"\/><\/p>\n<blockquote>\n<p class=\"35abpmkrc7reoxkzb\">Note the &#39;No FS&#39; besides Google Chrome Desktop, Google Chrome on Android, and Googlebot<\/p>\n<\/blockquote>\n<p class=\"35abpmkrc7reoxkzb\">The same io.js pull request also <a href=\"https:\/\/iojs.org\/api\/tls.html#tls_tls_createserver_options_secureconnectionlistener\">sets honorCipherOrder to true by default<\/a>.<\/p>\n<p class=\"35abpmkrc7reoxkzb\">Let&#39;s grab the <a href=\"https:\/\/iojs.org\/api\/tls.html\">ciphers from the iojs docs<\/a>:<\/p>\n<pre><code>[\n    &quot;ECDHE-RSA-AES256-SHA384&quot;,\n    &quot;DHE-RSA-AES256-SHA384&quot;,\n    &quot;ECDHE-RSA-AES256-SHA256&quot;,\n    &quot;DHE-RSA-AES256-SHA256&quot;,\n    &quot;ECDHE-RSA-AES128-SHA256&quot;,\n    &quot;DHE-RSA-AES128-SHA256&quot;,\n    &quot;HIGH&quot;,\n    &quot;!aNULL&quot;,\n    &quot;!eNULL&quot;,\n    &quot;!EXPORT&quot;,\n    &quot;!DES&quot;,\n    &quot;!RC4&quot;,\n    &quot;!MD5&quot;,\n    &quot;!PSK&quot;,\n    &quot;!SRP&quot;,\n    &quot;!CAMELLIA&quot;\n].join(&#39;:&#39;),\n<\/code><\/pre>\n<p class=\"35abpmkrc7reoxkzb\"><img decoding=\"async\" src=\"https:\/\/certsimple.com\/files\/images\/blog\/a-plus-ssl\/node-012-with-iojs-ciphers.png\"\/><\/p>\n<blockquote>\n<p class=\"35abpmkrc7reoxkzb\">Using the iojs ciphers list fixes forward secrecy on Google products.<\/p>\n<\/blockquote>\n<h2 id=\"finally-or-firstly-for-io-js-using-hsts-to-tell-browsers-we-expect-to-keep-using-https\">Finally (or firstly for io.js) using HSTS to tell browsers we expect to keep using HTTPS<\/h2>\n<p class=\"35abpmkrc7reoxkzb\">For <a href=\"https:\/\/certsimple.com\/files\/downloads\/ssl_server_rating_guide.pdf\">an A+ we need HSTS<\/a>. HSTS tells clients using HTTPS to expect to keep using HTTPS for some time in future &#8211; which makes attacks that try and downgrade HTTPS to HTTP harder. For SSL Labs explicitly, the want at least six months ahead &#8211; which should be fine, since we plan to keep using HTTPS for a very long time.<\/p>\n<p class=\"35abpmkrc7reoxkzb\">Setting up HSTS only takes a moment. Grab the <code>helmet<\/code> module from npm. Assuming Express (because Express is popular), in app.js, it looks like:<\/p>\n<pre><code>var helmet = require(&#39;helmet&#39;);\nvar ONE_YEAR = 31536000000;\napp.use(helmet.hsts({\n    maxAge: ONE_YEAR,\n    includeSubdomains: true,\n    force: true\n}));\n<\/code><\/pre>\n<p class=\"35abpmkrc7reoxkzb\">And re test:<\/p>\n<p class=\"35abpmkrc7reoxkzb\"><img decoding=\"async\" src=\"https:\/\/certsimple.com\/files\/images\/blog\/a-plus-ssl\/node-012-with-iojs-ciphers-and-hsts.png\"\/><\/p>\n<blockquote>\n<p class=\"35abpmkrc7reoxkzb\">Boom.<\/p>\n<\/blockquote>\n<h2 id=\"summary\">Summary<\/h2>\n<p class=\"35abpmkrc7reoxkzb\">node.js 0.12:<\/p>\n<ul>\n<li>Includes <a href=\"https:\/\/certsimple.com\/files\/rfc\/rfc7465.txt\">RC4, which is considered vulnerable and the use of which is prohibited by the IETF<\/a>.<\/li>\n<li>Disables honorCipherOrder by default, <a href=\"https:\/\/nodejs.org\/api\/tls.html#tls_tls_createserver_options_secureconnectionlistener\">despite recommending enabling it to avoid the BEAST attack<\/a>.<\/li>\n<li><a href=\"https:\/\/github.com\/iojs\/io.js\/pull\/826\">Breaks Forward Secrecy when handshaking with Google products<\/a>, including Android 5.0.0, Chrome 40, and Googlebot.<\/li>\n<\/ul>\n<p class=\"35abpmkrc7reoxkzb\">These issues have been resolved in io.js. Even if you can&#39;t use io.js yet, <strong>you can still use the io.js cipher suite settings<\/strong> to resolve them.<\/p>\n<p class=\"35abpmkrc7reoxkzb\">Both io.js and node.js 0.12:<\/p>\n<ul>\n<li>Need HSTS for an A+ score. This is a one minute fix using the <code>helmet<\/code> module.<\/li>\n<\/ul>\n<p class=\"35abpmkrc7reoxkzb\">Here&#39;s a <a href=\"https:\/\/github.com\/mikemaccana\/ssltest\">node 0.12 default Express app modified to get A+ on the SSL Labs test<\/a>.<\/p>\n<div class=\"bio\">\n\t\t<img decoding=\"async\" class=\"avatar\" src=\"https:\/\/certsimple.com\/files\/images\/blog\/mike.jpg\"\/><\/p>\n<p class=\"date\">Mike MacCana, founder at CertSimple.<\/p>\n<\/p><\/div>\n<div class=\"blog-about-certsimple\">\n<h2 id=\"about-certsimple\">CertSimple makes EV SSL fast and painless.<\/h2>\n<div class=\"details\">\n\t\t\t<img decoding=\"async\" class=\"compare\" src=\"https:\/\/certsimple.com\/files\/images\/blog\/compare.svg\"><\/p>\n<p class=\"35abpmkrc7reoxkzb\">CertSimple uses <a href=\"https:\/\/certsimple.com\/about\">unique technology<\/a> to provide EV SSL certificates <strong>40x faster<\/strong> than regular SSL vendors. We check your company registration, network details, physical address and flag common errors <strong>before you pay us<\/strong>, provide specific validation help for your company, realtime updates during the validation process, and check your infrastructure to help you set up HTTPS securely! <strong><a href=\"https:\/\/certsimple.com\">Try us!<\/a><\/strong><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"related-content\">\n<div class=\"other-articles\">\n\t\t\t<a href=\"https:\/\/certsimple.com\/blog\/node-ssl-config\" class=\"other-article node-ssl-config\"><\/p>\n<header>\n\t\t\t\t\tImplementing Mozilla&#x27;s recommended cipher suites and TLS\/SSL versions on node &#038; npm<br \/>\n\t\t\t\t<\/header>\n<p>\t\t\t<\/a><br \/>\n\t\t\t<a href=\"https:\/\/certsimple.com\/blog\/wildcard-ev-certificate\" class=\"other-article wildcard-ev-certificate\"><\/p>\n<header>\n\t\t\t\t\tWhy can&#x27;t I get a wildcard EV certificate?<br \/>\n\t\t\t\t<\/header>\n<p>\t\t\t<\/a>\n\t\t<\/div>\n<\/p><\/div>\n<\/div>\n<div class=\"bonus-footer\">\n<div>\n\t\t<img decoding=\"async\" class=\"penny\" src=\"https:\/\/certsimple.com\/files\/images\/blog\/penny.svg\"\/><\/p>\n<p class=\"35abpmkrc7reoxkzb\">Copyright \u00a9 2016 <br class=\"35abpmkrc7reoxkzb\"\/>CertSimple Limited<\/p>\n<\/p><\/div>\n<div>\n<p class=\"35abpmkrc7reoxkzb\">\n\t\t\t<a href=\"https:\/\/certsimple.com\">Get an EV certificate<\/a>\n\t\t<\/p>\n<p class=\"35abpmkrc7reoxkzb\">\n\t\t\t<a href=\"https:\/\/certsimple.com\/help\">Help<\/a>\n\t\t<\/p>\n<p class=\"35abpmkrc7reoxkzb\">\n\t\t\t<a href=\"https:\/\/certsimple.com\/why-ev-ssl\">Why EV<\/a>\n\t\t<\/p>\n<p class=\"35abpmkrc7reoxkzb\">\n\t\t\t<a href=\"https:\/\/certsimple.com\/about\">Why CertSimple<\/a>\n\t\t<\/p>\n<\/p><\/div>\n<div>\n<p class=\"35abpmkrc7reoxkzb\">\n\t\t\t<a href=\"https:\/\/certsimple.com\/orders\">Log In<\/a>\n\t\t<\/p>\n<p class=\"35abpmkrc7reoxkzb\">\n\t\t\t<a href=\"https:\/\/certsimple.com\/help\/contact\">Contact<\/a>\n\t\t<\/p>\n<p class=\"35abpmkrc7reoxkzb\">\n\t\t\t<a href=\"https:\/\/certsimple.com\/help\/prices\">Pricing<\/a>\n\t\t<\/p>\n<p class=\"35abpmkrc7reoxkzb\">\n\t\t\t<a href=\"https:\/\/certsimple.com\/help\">FAQ<\/a>\n\t\t<\/p>\n<p class=\"35abpmkrc7reoxkzb\">\n\t\t\t<a href=\"mailto:team@certsimple.com\"><br \/>\n\t\t\t\tPress<br \/>\n\t\t\t<\/a>\n\t\t<\/p>\n<\/p><\/div>\n<div>\n<p class=\"35abpmkrc7reoxkzb\">\n\t\t\t<a href=\"https:\/\/certsimple.com\/blog\">Blog<\/a>\n\t\t<\/p>\n<p class=\"35abpmkrc7reoxkzb\">\n\t\t\t<a href=\"https:\/\/twitter.com\/certsimplessl\">Twitter<\/a>\n\t\t<\/p>\n<p class=\"35abpmkrc7reoxkzb\">\n\t\t\t<a href=\"https:\/\/github.com\/certsimple\">GitHub<\/a>\n\t\t<\/p>\n<p class=\"35abpmkrc7reoxkzb\">\n\t\t\t<a href=\"https:\/\/mixpanel.com\/f\/partner\" rel=\"nofollow\"><br \/>\n\t\t\t\t<img decoding=\"async\" src=\"https:\/\/certsimple.com\/files\/site_media\/images\/partner\/badge_light.png\" alt=\"Mobile Analytics\"\/><br \/>\n\t\t\t<\/a>\n\t\t<\/p>\n<\/p><\/div>\n<\/div>\n","protected":false,"raw":""},"excerpt":{"rendered":"<p>CertSimple Fast painless EV SSL CertSimple Fast painless EV [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template_11.php","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-78","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to get A+ on the SSL Labs test in node.js<\/title>\n<meta name=\"description\" content=\"Get EV SSL certificates in hours, not days. Prechecks before you pay. We do the hard work for you.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to get A+ on the SSL Labs test in node.js\" \/>\n<meta property=\"og:description\" content=\"Get EV SSL certificates in hours, not days. Prechecks before you pay. We do the hard work for you.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl\" \/>\n<meta property=\"og:site_name\" content=\"CertSimple | EV SSL &amp; TLS for 2019\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl\",\"url\":\"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl\",\"name\":\"How to get A+ on the SSL Labs test in node.js\",\"isPartOf\":{\"@id\":\"https:\/\/certsimple.com\/#website\"},\"datePublished\":\"2026-03-12T17:26:52+00:00\",\"dateModified\":\"2026-03-12T17:26:52+00:00\",\"description\":\"Get EV SSL certificates in hours, not days. Prechecks before you pay. We do the hard work for you.\",\"breadcrumb\":{\"@id\":\"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl#breadcrumb\"},\"inLanguage\":\"en-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/certsimple.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CertSimple Fast painless EV SSL\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/certsimple.com\/#website\",\"url\":\"https:\/\/certsimple.com\/\",\"name\":\"CertSimple | EV SSL &amp; TLS for 2019\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/certsimple.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-CA\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to get A+ on the SSL Labs test in node.js","description":"Get EV SSL certificates in hours, not days. Prechecks before you pay. We do the hard work for you.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl","og_locale":"en_US","og_type":"article","og_title":"How to get A+ on the SSL Labs test in node.js","og_description":"Get EV SSL certificates in hours, not days. Prechecks before you pay. We do the hard work for you.","og_url":"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl","og_site_name":"CertSimple | EV SSL &amp; TLS for 2019","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl","url":"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl","name":"How to get A+ on the SSL Labs test in node.js","isPartOf":{"@id":"https:\/\/certsimple.com\/#website"},"datePublished":"2026-03-12T17:26:52+00:00","dateModified":"2026-03-12T17:26:52+00:00","description":"Get EV SSL certificates in hours, not days. Prechecks before you pay. We do the hard work for you.","breadcrumb":{"@id":"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl#breadcrumb"},"inLanguage":"en-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/certsimple.com\/blog\/a-plus-node-js-ssl#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/certsimple.com\/"},{"@type":"ListItem","position":2,"name":"CertSimple Fast painless EV SSL"}]},{"@type":"WebSite","@id":"https:\/\/certsimple.com\/#website","url":"https:\/\/certsimple.com\/","name":"CertSimple | EV SSL &amp; TLS for 2019","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/certsimple.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-CA"}]}},"_links":{"self":[{"href":"https:\/\/certsimple.com\/wp-json\/wp\/v2\/pages\/78","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certsimple.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/certsimple.com\/wp-json\/wp\/v2\/types\/page"}],"replies":[{"embeddable":true,"href":"https:\/\/certsimple.com\/wp-json\/wp\/v2\/comments?post=78"}],"version-history":[{"count":0,"href":"https:\/\/certsimple.com\/wp-json\/wp\/v2\/pages\/78\/revisions"}],"wp:attachment":[{"href":"https:\/\/certsimple.com\/wp-json\/wp\/v2\/media?parent=78"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}