如何获得在VPS服务器上的Windows VM上运行的NodeJS Express API的有效SSL证书?
[英]How to get a valid SSL certificate for a NodeJS Express API, running on a Windows VM on a VPS server?
问题描述
I'm setting up a Web API based on NodeJS and want to support HTTPS. 
我正在基于NodeJS设置Web API,并希望支持HTTPS。 Where can I get a valid SSL certificate? 在哪里可以获得有效的SSL证书?
I have a Windows VM running on a given IP address that is hosting a NodeJS API on a specific port. 我有一个在给定IP地址上运行的Windows VM,该IP地址在特定端口上托管NodeJS API。 Everything works fine via HTTP but when I change it to HTTPS I get this error: ERR_CERT_COMMON_NAME_INVALID 通过HTTP一切正常,但是当我将其更改为HTTPS时,出现此错误:ERR_CERT_COMMON_NAME_INVALID
https://i.ibb.co/cxvmZBf/Capture.png (Sorry, not enough reputation points) https://i.ibb.co/cxvmZBf/Capture.png (对不起,信誉点不足)
I've tried many approaches including using a valid certificate associated with a sub-domain and redirecting it to the VM's address. 我尝试了许多方法,包括使用与子域关联的有效证书并将其重定向到VM的地址。 Also, I've created a DNS Type A, and configured the given IP address. 另外,我创建了一个DNS Type A,并配置了给定的IP地址。 Then, with Let's Encrypt Certbot I've tried to generate a valid non-signed certificate but I've reached inconclusive errors due to incompatible IP settings. 然后,使用“让我们加密Certbot”来尝试生成有效的未签名证书,但是由于IP设置不兼容,我遇到了不确定的错误。
Is it possible to buy a certificate to the given IP? 是否可以购买给定IP的证书? If so, where? 如果是这样,在哪里? What other approaches can I try? 我还可以尝试其他哪些方法?
2 个解决方案
解决方案1
0 2018-12-21 13:20:08
As we can see in the browser error, currently your application does not have any server certificate configured in it. 正如我们在浏览器错误中看到的那样,当前您的应用程序未配置任何服务器证书。
To get a certificate you can generate a CSR using a tool like openssl cli or an online tool, send it to a well known CA and use the signed certificate as you server certificate for the NodeJS API. 要获得证书,您可以使用openssl cli之类的工具或在线工具生成CSR ,将其发送到知名的CA,然后将签名的证书用作NodeJS API的服务器证书。
It's described in the NodeJS documentation how to configure the server certificates (.pem files): NodeJS文档中描述了如何配置服务器证书(.pem文件):
// curl -k https://localhost:8000/
const https = require('https');
const fs = require('fs');
const options = {
key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};
https.createServer(options, (req, res) => {
res.writeHead(200);
res.end('hello world\n');
}).listen(8000);
解决方案2
0 2018-12-21 13:43:46
You may use this tool to generate a self signed certificate and include in your Application. 您可以使用此工具生成自签名证书,并将其包含在您的应用程序中。 Or else you can copy the command and generate certificates on your own using openssl cli. 否则,您可以使用openssl cli复制命令并自行生成证书。
A sample command to generate your own certificate with X.509 standard is: 使用X.509标准生成自己的证书的示例命令是:
openssl req -new -newkey rsa:2048 -x509 -nodes -keyout key.pem -out certificate.pem -sha256 -days 750 -subj "/C=IN/ST=/L=/O=TCS/OU=CTO/CN=YOURDOMAIN" -config <(
cat <<-EOF
[req]
default_bits = 2048
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
[ req_ext ]
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth,clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = ALTERNATEDNS1
DNS.2 = ALTERNATEDNS2
EOF
)
You may also go for verified certificate issued by different Certificate Authorities (CA), For more info click here 您也可以去找由不同的证书颁发机构(CA)颁发的经过验证的证书,有关更多信息,请单击此处
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.