nodejs - UNABLE_TO_VERIFY_LEAF_SIGNATURE with self-signed certificate

I'm trying to make node https work with a self-signed certificate with a request coming to IP address instead of a DNS name. I'm using this code:

    var tls = require('tls');
    var fs = require('fs');

    // Self-signed certificate and its private key, read from the script's directory
    var cert = fs.readFileSync(__dirname + '/cert.pem');
    var key = fs.readFileSync(__dirname + '/key.pem');

    // TLS server presenting the self-signed certificate
    var netServer = new tls.Server({ key: key, cert: cert });
    var port = 54321;

    netServer.listen(port);

    netServer.on('secureConnection', function(socket) {
        socket.end('heyyyoooo');
    });

    // Client that trusts only this certificate and keeps verification enabled
    var client = tls.connect(port, 'localhost', {
        ca: [ cert ],
        rejectUnauthorized: true
    });

    client.on('data', function(data) {
        console.log(data.toString());
        process.exit();
    });

It works fine with the cert generated by these instructions (without Subject Alternative Names) when the request is issued to localhost, however when I replace it with 127.0.0.1, I get Error: Hostname/IP doesn't match certificate's altnames. So I've created a new certificate generating with subjectAltName. Openssl reads it as:

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 11107838472034892631 (0x9a26f83d0c0ebb57)
        Signature Algorithm: sha1WithRSAEncryption
            Issuer: CN=127.0.0.1
            Validity
                Not Before: Jun 24 09:51:56 2013 GMT
                Not After : Jun 22 09:51:56 2023 GMT
            Subject: CN=127.0.0.1
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (1024 bit)
                    Modulus: *skipped*
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Key Usage: 
                    Key Encipherment, Data Encipherment
                X509v3 Extended Key Usage: 
                    TLS Web Server Authentication
                X509v3 Subject Alternative Name: 
                    DNS:localhost, IP Address:127.0.0.1
        Signature Algorithm: sha1WithRSAEncryption
            *skipped*

So the SANs were created properly. Now I'm getting Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE, how do I make it work?

Try this:

    process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';
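The hostname mismatch described in the question (`localhost` accepted, `127.0.0.1` rejected until an IP SAN was added) can be reproduced offline with Node's `tls.checkServerIdentity`. This is an added example, not code from the original post; the certificate objects are constructed, and the first certificate's CN of `localhost` is an assumption.

```javascript
const tls = require('tls');

// Constructed certificate objects in the shape getPeerCertificate() returns.
// Assumption: the first certificate (no SAN) was issued with CN=localhost.
const certWithoutSan = { subject: { CN: 'localhost' } };

// Mirrors the Subject and Subject Alternative Name lines of the openssl dump
// shown in the question.
const certWithSan = {
  subject: { CN: '127.0.0.1' },
  subjectaltname: 'DNS:localhost, IP Address:127.0.0.1',
};

// Constructed counter-case: an IP literal in the CN but no SAN extension.
const certIpOnlyInCn = { subject: { CN: '127.0.0.1' } };

// Apply the same host-vs-certificate check the TLS client performs once the
// chain has verified. Returns null on a match, otherwise the error message.
function identityError(host, cert) {
  const err = tls.checkServerIdentity(host, cert);
  return err === undefined ? null : err.message;
}

// Evaluate every certificate against both ways of addressing the server.
function matrix() {
  const hosts = ['localhost', '127.0.0.1'];
  const certs = { certWithoutSan, certWithSan, certIpOnlyInCn };
  const rows = [];
  for (const [name, cert] of Object.entries(certs)) {
    for (const host of hosts) {
      rows.push({ cert: name, host, error: identityError(host, cert) });
    }
  }
  return rows;
}

// A DNS name may fall back to the CN when no SAN exists; an IP address is
// compared only against "IP Address:" SAN entries, never against the CN.
for (const row of matrix()) {
  console.log(`${row.cert} / ${row.host}: ${row.error || 'OK'}`);
}
```

This identity check is enforced only while `rejectUnauthorized` is true; with `NODE_TLS_REJECT_UNAUTHORIZED` set to `'0'`, a failed chain or name check no longer aborts the connection.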
