[英]nodejs - UNABLE_TO_VERIFY_LEAF_SIGNATURE with self-signed certificate
I'm trying to make node https
work with a self-signed certificate with a request coming to IP address instead of a DNS name. 我正在尝试使节点https
与自签名证书一起工作,请求来到IP地址而不是DNS名称。 I'm using this code 我正在使用此代码
var tls = require('tls');
var fs = require('fs');
var cert = fs.readFileSync(__dirname + '/cert.pem');
var key = fs.readFileSync(__dirname + '/key.pem');
var netServer = new tls.Server(options = { key: key, cert: cert });
var port = 54321;
netServer.listen(port);
netServer.on('secureConnection', function(socket) {
socket.end('heyyyoooo');
});
var client = tls.connect(port, 'localhost', {
ca: [ cert ],
rejectUnauthorized: true
});
client.on('data', function(data) {
console.log(data.toString());
process.exit();
});
It works fine with the cert generated by these instructions (without Subject Alternative Names) when the request is issued to localhost
, however when I replace it with 127.0.0.1
, I get Error: Hostname/IP doesn't match certificate's altnames
. 当请求发布到localhost
,它与这些指令生成的证书(没有使用主题备用名称)一起正常工作,但是当我用127.0.0.1
替换它时,我得到Error: Hostname/IP doesn't match certificate's altnames
。 So I've created a new certificate generating with subjectAltName
. 所以我创建了一个使用subjectAltName
生成的新证书。 Openssl reads it as: Openssl将其读作:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11107838472034892631 (0x9a26f83d0c0ebb57)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=127.0.0.1
Validity
Not Before: Jun 24 09:51:56 2013 GMT
Not After : Jun 22 09:51:56 2023 GMT
Subject: CN=127.0.0.1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus: *skipped*
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:127.0.0.1
Signature Algorithm: sha1WithRSAEncryption
*skipped*
So the SANs were created properly. 因此SAN正确创建。 Now I'm getting Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
, how do I make it work? 现在我收到Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
,我该如何使它工作?
尝试这个:
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.