如何从Node.js中的wosign使用SSL证书
[英]How to use an SSL certificate from wosign in node.js
问题描述
I'm trying to use a free ssl certificate(s?) I got from wosign in node.js, but I'm having some issues. 
我试图使用从node.js中的wosign获得的免费ssl证书,但出现了一些问题。
I'm creating my server with: 我正在使用以下方法创建服务器:
var server = https.createServer({key: serviceKey, cert: certificate}, httpHandler).listen(port)
which works fine with my self-signed certificate. 与我的自签名证书一起使用时效果很好。 To allow wosign to generate a certificate, I gave them the CSR that was generated alongside my self-signed certificate. 为了允许wosign生成证书,我给了他们与我的自签名证书一起生成的CSR。 They gave me the following files: 他们给了我以下文件:
- root.crt root.crt一样
- 3_user_my.domain.crt 3_user_my.domain.crt
- 2_issuer_Intermediate.crt 2_issuer_Intermediate.crt
- 1_cross_Intermediate.crt 1_cross_Intermediate.crt
I've also read through the following couple sources to help me along: 我还阅读了以下几个资料来帮助我:
- https://www.ohling.org/blog/2015/02/wosign-free-2y-ssl-certificate.html https://www.ohling.org/blog/2015/02/wosign-free-2y-ssl-certificate.html
- http://www.lowendtalk.com/discussion/41289/free-chinese-2-year-ssl-certificate-dv-kuaissl-by-wosign-com http://www.lowendtalk.com/discussion/41289/free-chinese-2-year-ssl-certificate-dv-kuaissl-by-wosign-com
Both mention that the "order" of the certificates is important, but I don't know what they mean there. 两者都提到证书的“顺序”很重要,但我不知道它们在那里的含义。 I assumed that there would be a single certificate I could replace my self-signed certificate with. 我假设只有一个证书可以代替我的自签名certificate 。 If there's an order, I assume it goes 1->2->3 as those numbers are in the filenames. 如果有命令,我认为它会以1-> 2-> 3的顺序出现,因为这些数字在文件名中。
I replaced my certificate with the 3_user_my.domain.crt contents, and it works like my self-signed one - chrome says it should only work on localhost. 我用3_user_my.domain.crt内容替换了certificate ,它的工作方式就像我的自签名certificate 3_user_my.domain.crt表示它只能在本地主机上工作。
So how do I "order" these certs and ultimately how do I use the files given to me so that browsers will recognize it correctly? 那么,如何“订购”这些证书,以及最终如何使用提供给我的文件,以便浏览器正确识别它?
1 个解决方案
解决方案1
0 2015-10-09 01:30:53
Ok, I got it working. 好吧,我知道了。
A . A. I learned that the "certificate" used actually can be multiple certificates (crt files that only have one -----BEGIN CERTIFICATE----- and one -----END CERTIFICATE----- . So in order to make it work right, I needed to create one certificate file/string that contained 3 of the 4 certificates I got in the right order (apparently the root.crt isn't useful) 我了解到,实际上使用的“证书”可以是多个证书(只有一个-----BEGIN CERTIFICATE-----和一个-----END CERTIFICATE----- crt文件。为了使其正常工作,我需要创建一个证书文件/字符串,其中包含我按正确顺序获得的4个证书中的3个(显然root.crt没用)
B1 . B1 。 The English set of certificate wosign gave me didn't match my private key, which I verified using the following: wosign给我的英文证书集与我的私钥不匹配,我使用以下方法对此进行了验证:
openssl x509 -noout -modulus -in yourcertificate.crt | openssl md5
openssl rsa -noout -modulus -in private.key | openssl md5
# If both outputs match, the cert matches the key, otherwise they don't
B2 . B2 。 So I chose the chinese certificate option, and there was a much different set of certs in the archive I got from that. 因此,我选择了中文证书选项,从中获得的存档中有许多不同的证书。 I used the bundled cert for NGINX. 我为NGINX使用了捆绑的证书。 And that works! 那行得通!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.