[英]How to use an SSL certificate from wosign in node.js
I'm trying to use a free ssl certificate(s?) I got from wosign in node.js, but I'm having some issues. 我试图使用从node.js中的wosign获得的免费ssl证书,但出现了一些问题。
I'm creating my server with: 我正在使用以下方法创建服务器:
var server = https.createServer({key: serviceKey, cert: certificate}, httpHandler).listen(port)
which works fine with my self-signed certificate. 与我的自签名证书一起使用时效果很好。 To allow wosign to generate a certificate, I gave them the CSR that was generated alongside my self-signed certificate.
为了允许wosign生成证书,我给了他们与我的自签名证书一起生成的CSR。 They gave me the following files:
他们给了我以下文件:
I've also read through the following couple sources to help me along: 我还阅读了以下几个资料来帮助我:
Both mention that the "order" of the certificates is important, but I don't know what they mean there. 两者都提到证书的“顺序”很重要,但我不知道它们在那里的含义。 I assumed that there would be a single certificate I could replace my self-signed
certificate
with. 我假设只有一个证书可以代替我的自签名
certificate
。 If there's an order, I assume it goes 1->2->3 as those numbers are in the filenames. 如果有命令,我认为它会以1-> 2-> 3的顺序出现,因为这些数字在文件名中。
I replaced my certificate
with the 3_user_my.domain.crt
contents, and it works like my self-signed one - chrome says it should only work on localhost. 我用
3_user_my.domain.crt
内容替换了certificate
,它的工作方式就像我的自签名certificate
3_user_my.domain.crt
表示它只能在本地主机上工作。
So how do I "order" these certs and ultimately how do I use the files given to me so that browsers will recognize it correctly? 那么,如何“订购”这些证书,以及最终如何使用提供给我的文件,以便浏览器正确识别它?
Ok, I got it working. 好吧,我知道了。
A . A. I learned that the "certificate" used actually can be multiple certificates (crt files that only have one
-----BEGIN CERTIFICATE-----
and one -----END CERTIFICATE-----
. So in order to make it work right, I needed to create one certificate file/string that contained 3 of the 4 certificates I got in the right order (apparently the root.crt isn't useful) 我了解到,实际上使用的“证书”可以是多个证书(只有一个
-----BEGIN CERTIFICATE-----
和一个-----END CERTIFICATE-----
crt文件。为了使其正常工作,我需要创建一个证书文件/字符串,其中包含我按正确顺序获得的4个证书中的3个(显然root.crt没用)
B1 . B1 。 The English set of certificate wosign gave me didn't match my private key, which I verified using the following:
wosign给我的英文证书集与我的私钥不匹配,我使用以下方法对此进行了验证:
openssl x509 -noout -modulus -in yourcertificate.crt | openssl md5
openssl rsa -noout -modulus -in private.key | openssl md5
# If both outputs match, the cert matches the key, otherwise they don't
B2 . B2 。 So I chose the chinese certificate option, and there was a much different set of certs in the archive I got from that.
因此,我选择了中文证书选项,从中获得的存档中有许多不同的证书。 I used the bundled cert for NGINX.
我为NGINX使用了捆绑的证书。 And that works!
那行得通!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.