Socket.io/Node.js and SSL

I recently bought an SSL certificate from Comodo. They sent me these files:

AddTrustExternalCARoot.crt
PositiveSSLCA2.crt
mydomain.crt

I then created my private key and ca-bundle like so:

openssl genrsa -des3 -out mydomain.key 1024
cat PositiveSSLCA2.crt AddTrustExternalCARoot.crt > mydomain.ca-bundle

This is the code I'm using to put it all together. I get an SSL connection error in Chrome.

var fs = require('fs');

var privateKey = fs.readFileSync('./mydomain.key').toString();
var certificate = fs.readFileSync('./mydomain.crt').toString();
var ca = fs.readFileSync('./mydomain.ca-bundle').toString();

var io = require('socket.io').listen(1200, { key: privateKey, cert: certificate, ca: ca });

You generate your private key before you are issued a certificate.

A certificate is created when a CA signs the public key that goes with a particular private key. You generate a private key, then you create a CSR which includes the public key. The CA sends you back a certificate.

You must have generated a private key at some point before you got a certificate – you have to use that. If you try to use a private key that you generate after the certificate is issued, it will obviously not match the public key in your certificate.


Also, Node's tls module cannot parse certificate bundles. You have to pass each certificate separately in an array.

{
    key: fs.readFileSync('mydomain.key'),
    cert: fs.readFileSync('mydomain.crt'),
    ca: [ fs.readFileSync('AddTrustExternalCARoot.crt'), fs.readFileSync('PositiveSSLCA2.crt') ]
}

The docs have more detail.
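The two checks the answer describes, as an added example that is not part of the original post: `keyMatches` tests whether a private key belongs to the public key in a certificate, and `splitBundle` turns a concatenated bundle into the array passed as `ca`. The function names are hypothetical, the sample data is constructed (a public-key PEM stands in for `mydomain.crt`), and the certificate path assumes a Node version that provides `crypto.X509Certificate`.

```javascript
const crypto = require('crypto');

// Split a concatenated PEM bundle into one string per certificate,
// the shape of the `ca` array in the answer above.
function splitBundle(bundlePem) {
  const re = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
  return bundlePem.match(re) || [];
}

// DER-encoded SubjectPublicKeyInfo from a certificate PEM or a public-key PEM.
function spkiOf(pem) {
  const pub = pem.includes('BEGIN CERTIFICATE')
    ? new crypto.X509Certificate(pem).publicKey
    : crypto.createPublicKey(pem);
  return pub.export({ type: 'spki', format: 'der' });
}

// True only when privateKeyPem is the key whose public half is in certOrPubPem.
function keyMatches(privateKeyPem, certOrPubPem, passphrase) {
  const priv = crypto.createPrivateKey(
    passphrase ? { key: privateKeyPem, passphrase } : privateKeyPem);
  const derived = crypto.createPublicKey(priv)
    .export({ type: 'spki', format: 'der' });
  return derived.equals(spkiOf(certOrPubPem));
}

// Constructed sample data: two throwaway EC key pairs and a fake two-block
// bundle (placeholder bodies; splitBundle never decodes them).
function demo() {
  const gen = () => crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const issued = gen(); // the key pair the CSR was built from
  const later = gen();  // a key generated after the certificate was issued
  const block = (body) =>
    `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----\n`;
  const bundle = block('Q09OU1RSVUNURUQx') + block('Q09OU1RSVUNURUQy');
  return {
    original: keyMatches(issued.privateKey, issued.publicKey),
    regenerated: keyMatches(later.privateKey, issued.publicKey),
    caCount: splitBundle(bundle).length,
  };
}

console.log(demo());
```

Passing the contents of a real certificate file as the second argument to `keyMatches` takes the `X509Certificate` branch instead of the public-key branch used by the sample data.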
