Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Node module to enable HTTPS/SSL in a loopback application with simple configurations. The module also enables trusted peer authentication.

Travis npm npm npm David David Codacy Badge Join the chat at


  • Enable SSL in Loopback application
  • Enable mutual SSL authentication in Loopback


Install loopback:

# install loopback-cli
npm install -g loopback-cli

# create project directory
mkdir <app-name>
cd <app-name>

# create loopback application
# ? What's the name of your application? <app-name>
# ? Which version of LoopBack would you like to use? 3.x (current)
# ? What kind of application do you have in mind? notes

Install loopback-ssl:

npm install loopback-ssl --save

Setup Configuration:

Add the following lines of configuration in 'config.json' in location "<app-dir>/server/config.json"

  "httpMode": false,
  "certConfig": {
    "path": "/certificate/path/",
    "key": "local.pem",
    "cert": "local.crt.pem",
    "ca": [],
    "requestCert": false,
    "rejectUnauthorized": false

Configure server.js

Edit the server.js located at "<app-dir>/server/server.js". Replace the code in server.js with the code below (assuming no prior customizations to the file)


var loopback = require('loopback');
var boot = require('loopback-boot');
var loopbackSSL = require('loopback-ssl');

var app = module.exports = loopback();

boot(app, __dirname, function(err) {
  if (err) throw err;

return loopbackSSL.startServer(app);

Configuration options

Option 1: HTTP (default loopback configuration)

The configuration entry "httpMode": true will enable http (disable https). In this mode the "certConfig": {..} configuration is not required and can be omitted.

  "httpMode": true

Option 2: HTTPS: Loading certificates from files

The configuration entry "httpMode": false will enable https.

  "httpMode": false,
  "certConfig": {
    "path": "/certificate/path/",
    "key": "serverkey.pem",
    "cert": "server-certificate.pem",
    "ca": [],
    "requestCert": false,
    "rejectUnauthorized": false
  • "path" - folder location where the certificates files will be installed
  • "key" - server key
  • "cert" - server certificate

Option 3: HTTPS: Loading certificates from files & Mutual SSL authentication

Will only work with pre-generated certificate files

  "httpMode": false,
  "certConfig": {
    "path": "/certificate/path/",
    "key": "serverkey.pem",
    "cert": "server-certificate.pem",
    "ca": [
    "requestCert": true,
    "rejectUnauthorized": true
  • The ca[] configuration contains the list of client certificates which the server will authenticate
  • "requestCert": true enables mutual SSL authentication
  • "rejectUnauthorized": true enables the authenticity and validity check of client keys
  • For any reason, if the client certificate is a self signed certificate, "rejectUnauthorized": can be set to false.


  • Want to contribute? Great! Please check this guide.
  • Fork it ( )
  • Create your feature branch (git checkout -b new-feature)
  • Commit your changes (git commit -am 'Add some feature')
  • Push to the branch (git push origin new-feature)
  • Create new Pull Request



See Also