Node.js:如何向使用自签名证书的应用程序发送 HTTPS 请求
[英]Node.js: how to send HTTPS requests to an app which uses a self-signed certificate
问题描述
I have 2 Node.js applications accessible via HTTPS .
我有2 个可通过 HTTPS 访问的 Node.js 应用程序。 I'm currently using self-signed certificates for those services.我目前正在为这些服务使用自签名证书。 Manual access (via a browser or Postman) to those services work as expected (with the usual security warnings about self-signed certificates, etc.).对这些服务的手动访问(通过浏览器或邮递员)按预期工作(带有关于自签名证书的通常安全警告等)。
But as for now, I cannot have one application communicate with the other via HTTPS.但就目前而言,我无法让一个应用程序通过 HTTPS 与另一个应用程序通信。 Here's my current code:这是我当前的代码:
// Request parameters and options
const https = require('https');
const postData = JSON.stringify(myPostData);
const options = {
hostname: '...',
port: ...,
path: '...',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Content-Length': postData.length,
},
rejectUnauthorized: false,
};
let str = '';
const req = https.request(options, (res) => {
// Assembling response data...
res.on('data', chunk => str += chunk );
res.on('end', () => {
console.log('Received:', str);
});
});
// Error handling
req.on('error', (e) => {
console.error(e);
});
// Sending payload and terminating
req.write(postData);
req.end();
Question题
This works, but only because I use rejectUnauthorized: false .这有效,但只是因为我使用了rejectUnauthorized: false 。
How can I avoid to use this option?如何避免使用此选项? I see that I can provide a cert option (in https.RequestOptions ), but I'm unsure of how to use it.我看到我可以提供一个cert选项(在https.RequestOptions ),但我不确定如何使用它。 As I created the self-signed certificate, I possess every pieces of it.当我创建自签名证书时,我拥有它的每一部分。
My cert file, named selfsigned.crt , looks like this (and has Unix EOL):我的证书文件名为selfsigned.crt ,看起来像这样(并且有 Unix EOL):
-----BEGIN CERTIFICATE-----
MFoXDTI0MTEyNTE3NTczMFowgYcxCzAJBgNVBAYTAkZSMQ0wCwYDVQQIDARQQUNB
QGNlbmVhdS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCrP3Hy
........... lots of lines ......................................
zI2hWprwsM3PGb0DLCqlotqdoxu59PQRC7aj/yb11HyfyYO9hvFmjGPkmN6T0+r6
VQQGEwJGUjENMAs/Qs7p+B9/+taee8iPWpk=
-----END CERTIFICATE-----
I have tried these solutions:我已经尝试过这些解决方案:
- indicated the cert string as the
caand/orcertrequest options (see their description ) - I know this is actually taken into account, as if the string is malformed, the error is different (and related to the certificate format)将证书字符串表示为ca和/或cert请求选项(请参阅他们的描述)-我知道这实际上已被考虑在内,好像字符串格式错误一样,错误是不同的(并且与证书格式有关) - indicated the path of the cert to the 'NODE_EXTRA_CA_CERTS' environment variable, as suggested by Ashish Modi )指示证书到“NODE_EXTRA_CA_CERTS”环境变量的路径,如Ashish Modi所建议的那样)
- copied the cert file in the /etc/ssl/certs/ (calling application OS is debian) and launched
update-ca-certificates复制/etc/ssl/certs/中的cert文件(调用应用程序操作系统是debian)并启动update-ca-certificates
All of those solutions change nothing to the outcome:所有这些解决方案都不会对结果产生任何影响:
code: DEPTH_ZERO_SELF_SIGNED_CERT
Error: self signed certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1055:34)
As for now, I still don't have a working solution.至于现在,我仍然没有一个可行的解决方案。
Bonus question!奖金问题! I'm very surprised how messy a simple call can look, all chronologically upside-down it gets with the callbacks.我很惊讶一个简单的调用看起来是多么的凌乱,所有的时间顺序都颠倒了回调。 Is there a cleaner way to proceed a HTTPS call?是否有更简洁的方式来进行 HTTPS 调用? => request-promise might be an option, as indicated by jfriend00 => request-promise可能是一个选项,如jfriend00 所示
1 个解决方案
解决方案1
0 2019-11-26 20:06:26
This option can be set to pass the extra certs可以设置此选项以通过额外的证书
process.env["NODE_EXTRA_CA_CERTS"] = "some/path/to/ssl.crt"
This option can completely disable the ssl errors (not recommended)这个选项可以完全禁用ssl错误(不推荐)
process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
Hope this helps.希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.