NodeJS & SSL - "bad password read"

The following command will generate an unencrypted key, so you won't need to provide a passphrase:

openssl rsa -in yourKey.key -out newKey.key

This command will prompt you for the passphrase.

This is because you've specified a passphrase when generating the cert. This is a password that must be supplied by anyone wanting to use it.

Adding a passphrase field to the credentials solves the problem.

var credentials = {
    key: fs.readFileSync('XXX.key', 'utf8'),
    cert: fs.readFileSync('XXX.crt', 'utf8'),
    passphrase: 'XXXX'
}

var httpsServer = https.createServer(credentials, app);