
Configure TLS certificate authority in arangojs

I created my own certificate authority to generate TLSv1.2 certificates for my development environment. My CA has a root cert, an intermediate cert signed by the root and a number of "leaf" certificates signed by the intermediate cert. I use one of these leaf certificates for securely connecting to the arangodb server. The arangod process seems to be running fine because I can successfully access the web interface to interact with the database, after installing the root/intermediate certs in the browser.

Troubles start when I try to connect my nodejs API server to the database using the arangojs javascript driver as explained in https://github.com/arangodb/arangojs#new-database where I found:

If you need to support self-signed HTTPS certificates, you may have to add your certificates to the agentOptions, e.g.:

agentOptions: {
  ca: [
    fs.readFileSync('.ssl/sub.class1.server.ca.pem'),
    fs.readFileSync('.ssl/ca.pem')
  ]
}

The agentOption configuration works when using self-signed certificates and:

agentOptions: {
  ca: [
    fs.readFileSync('db.crt.pem')
  ]
}

but fails when using my own CA-signed certificate and:

agentOptions: {
  ca: [
    fs.readFileSync('interm.crt.pem')
  ]
}

I also tried several other ca settings like:

1. passing [root, interm] certs buffers
2. passing [interm, root] certs buffers (exchanged order)
3. passing [root+interm] cert buffer (single concatenated file)
4. passing [interm+root] cert buffer (as above, exchanged order)

but none of these seems to work. I always get a very long error message from arangojs in which, quite at the beginning, I see UNABLE_TO_VERIFY_LEAF_SIGNATURE.

By looking it up I found references to the node-ssl-root-cas npm module, but since I'm using my own CA I don't see why I would want to use that (I also tried it and it didn't work either).

My issue seems to be similar to https://github.com/arangodb/arangojs/issues/39 but the solution seems to be 1:1 in sync with the documentation above and it still didn't work.

In the end I think this is just a subtle configuration problem of the agentOptions in arangojs. Can someone point me to the right config?

I finally managed to establish a secured TLS connection by using:

agentOptions: {
  ca: [
    fs.readFileSync('interm_root.crt.pem')
  ]
}

where interm_root.crt.pem is the concatenation of intermediate and root certificates, that is obtained as:

cat interm.crt.pem root.crt.pem > interm_root.crt.pem

For some reason I didn't get the concatenation right in the rush of my first round of tests.

Hope this can help other arangojs users anyway
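
A concatenated bundle such as interm_root.crt.pem can be checked before it is passed to agentOptions.ca. The following is an added example, not part of the original post: it splits a bundle into individual certificates (tolerating two files joined without a newline in between) and reports whether each certificate's issuer is present. The function names are hypothetical and the sample PEM bodies are constructed placeholders, not real certificates.

```javascript
// Added example (not from the original post). Function names are hypothetical.
const PEM_BLOCK = /-----BEGIN CERTIFICATE-----([\s\S]*?)-----END CERTIFICATE-----/g;

// Split a concatenated bundle into cleanly formatted PEM certificates.
// Tolerates CRLF line endings and two blocks joined without a newline;
// throws on stray PEM markers or a body that is not valid base64.
function splitPemBundle(text) {
  const certs = [];
  for (const match of text.matchAll(PEM_BLOCK)) {
    const body = match[1].replace(/\s+/g, '');
    if (body.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(body)) {
      throw new Error(`certificate #${certs.length + 1}: invalid base64 body`);
    }
    const lines = body.match(/.{1,64}/g).join('\n');
    certs.push(`-----BEGIN CERTIFICATE-----\n${lines}\n-----END CERTIFICATE-----\n`);
  }
  if (/-----(BEGIN|END) /.test(text.replace(PEM_BLOCK, ''))) {
    throw new Error('unterminated or non-certificate PEM block in bundle');
  }
  if (certs.length === 0) throw new Error('no certificates found in bundle');
  return certs;
}

// For each certificate, report whether its issuer is in the bundle and whether
// it is a self-signed root. Needs real certificates (Node.js >= 15.6).
async function describeChain(certs) {
  const { X509Certificate } = await import('node:crypto');
  const parsed = certs.map((pem) => new X509Certificate(pem));
  return parsed.map((cert) => ({
    subject: cert.subject,
    issuerInBundle: parsed.some((c) => cert.checkIssued(c) && cert.verify(c.publicKey)),
    selfSigned: cert.checkIssued(cert) && cert.verify(cert.publicKey),
  }));
}

// Constructed sample: placeholder bodies, second block fused to the first.
const SAMPLE_BUNDLE =
  '-----BEGIN CERTIFICATE-----\nQUJDRA==\n-----END CERTIFICATE-----' +
  '-----BEGIN CERTIFICATE-----\r\nRUZHSA==\r\n-----END CERTIFICATE-----\r\n';
console.log(splitPemBundle(SAMPLE_BUNDLE).length, 'certificates in sample bundle');

// With the file from the post:
//   agentOptions: { ca: splitPemBundle(fs.readFileSync('interm_root.crt.pem', 'utf8')) }
```

For a bundle holding an intermediate and its root, describeChain should report issuerInBundle as true for both entries and selfSigned as true only for the root.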
