[英]Does running a node HTTPS server with a self-signed certificate defeat the purpose of using HTTPS?
I'm a bit confused here. 我在这里有点困惑。 I want to run a node server which will be queried from some clients.
我想运行一个可以从某些客户端查询的节点服务器。 I'm trying to use HTTPS, which I am not familiar with.
我正在尝试使用不熟悉的HTTPS。
After reading some guides and the node docs, I created a key and self signed certificate with openssl, and created a node HTTPS server. 阅读一些指南和节点文档后,我使用openssl创建了密钥和自签名证书,并创建了节点HTTPS服务器。 So far so good.
到现在为止还挺好。
The problem is, when trying to query it (I'm doing it from a node script as a test), I get an error: self signed certificate
. 问题是,当尝试查询它时(我正在从节点脚本中进行测试),我得到一个
error: self signed certificate
。 Fixing this seems to involve using a rejectUnauthorized: false
option when sending the request. 解决此问题似乎涉及在发送请求时使用
rejectUnauthorized: false
选项。
So my question: Does this defeat the purpose of using HTTPS, or is the communication still encrypted? 所以我的问题是:这是否违背了使用HTTPS的目的,还是通信仍处于加密状态?
With a self-signed cert, your traffic is encrypted , but not authenticated (leaving you open to man-in-the-middle attacks). 使用自签名证书,您的流量将被加密 ,但不会经过身份验证 (使您容易受到中间人攻击)。
You can get free certificates from Let's Encrypt ; 您可以从Let's Encrypt获得免费证书; why not use that?
为什么不使用它?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.