简体繁体 English

Node.js https证书到期

[英]Node.js https Cert Expiration

原文 2014-04-28 20:01:16 5 1 node.js/ iis/ ssl

I'm looking at setting up Node over https, which references the pfx certificate file. 我正在寻找通过https设置Node的方法，该协议引用了pfx证书文件。 What happens when the certificate expires? 证书过期后会怎样？ I believe for IIS, a new SSL cert is generated and installed. 我相信对于IIS，会生成并安装一个新的SSL证书。 Does this mean the new certificate would also need to be copied/referenced for Node? 这是否意味着还需要为Node复制/引用新证书？

If so, is there any way to seamlessly set up SSL with Node and that would continue to work even after cert expiration, to alleviate this? 如果是这样，是否有任何方法可以与Node无缝设置SSL，并且即使在证书到期后，这种方法仍可以继续工作以缓解这种情况？ Some kind of reference to IIS itself perhaps? 可能是对IIS本身的某种引用？ Our sysadmins are familiar with updating IIS, but I have a feeling all my node code will start breaking in 2016 (two years from now) when the cert expires, and I may not be around to help. 我们的系统管理员熟悉IIS的更新，但是我觉得当证书过期时，我的所有节点代码都将在2016年（从现在起两年后）开始中断，我可能不会帮忙。

1 个解决方案

I have no experience with IIS or Node, but a certificate will not automatically renew itself. 我没有IIS或Node的经验，但是证书不会自动更新。 Renewing means that a new certificate request with a new lifetime has to be generated and that the issuer has to sign this certificate request. 续订意味着必须生成具有新生存期的新证书申请，并且颁发者必须签署此证书申请。 And finally the newly created certificate has to put on the server to replace the old one. 最后，新创建的证书必须放在服务器上以替换旧证书。 It might be that IIS automates some part of this (eg creating a new certificate request based on the old certificate), but I doubt that it automates the process of sending the certificate request to the CA and get the newly signed certificate back. IIS可能会自动执行此操作的一部分（例如，基于旧证书创建新的证书请求），但是我怀疑它会自动将证书请求发送到CA并取回新签名的证书的过程自动化。 Actually, from looking at the documentation of some CAs it looks like there is lots of manual work still involved. 实际上，从查看某些CA的文档看，似乎仍然涉及许多手动工作。