
Does running a node HTTPS server with a self-signed certificate defeat the purpose of using HTTPS?


I'm a bit confused here. I want to run a node server which will be queried from some clients. I'm trying to use HTTPS, which I am not familiar with.

After reading some guides and the node docs, I created a key and self-signed certificate with openssl, and created a node HTTPS server. So far so good.

The problem is, when trying to query it (I'm doing it from a node script as a test), I get an error: self signed certificate. Fixing this seems to involve using a rejectUnauthorized: false option when sending the request.

So my question: Does this defeat the purpose of using HTTPS, or is the communication still encrypted?


Solution

  • With a self-signed cert, your traffic is encrypted, but not authenticated (leaving you open to man-in-the-middle attacks).

    You can get free certificates from Let's Encrypt; why not use that?