
How to send ssl certificate chain to client

I've created a Node.js WebSocket server, or a Python-based one. How do I send the certificate chain to the WebSocket browser client so that the connection becomes trusted?

I've described this problem here. I see in the example code that the servers are using two certificates, the key and the public one. However, the "ca-bundle" file isn't being used in either of the examples. The Apache webserver, however, uses all three certificates.

Apache has separate configuration options for a file containing the server's endpoint cert, which it reads from the pathname defined by SSLCertificateFile, and for a file containing intermediate cert chain, which it reads from the pathname defined by SSLCertificateChainFile.

Python wants the endpoint and intermediate certs to be collected together in a single file, with the server's endpoint cert appearing as the first cert in that file and the intermediate certs following afterwards. The pathname of that file should be passed as the certfile argument to ssl.wrap_socket() or ssl.SSLContext.load_cert_chain(), or to whatever higher-level API you're using to construct your HTTPS server. You can construct this single combined file for Python by simply pasting together the content of the two Apache files.

Node.js wants the endpoint and intermediate certs to be collected together as a single string, with the server's endpoint cert appearing as the first cert in that string and the intermediate certs following afterwards — which is the same order as Python wants them. This string is passed as the cert member of the options argument to https.createServer(), or to whatever other API you are using to construct your HTTPS server. It's up to you to construct the certificate string. Your program could do that by reading the certs from the two separate files that Apache uses and then joining the strings together, or it could read them all in one go from the single combined endpoint+intermediate file that you created for use by Python.
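An added example, not part of the original answer: one way to build the combined endpoint+intermediate bundle from the contents of the two Apache files. It goes slightly beyond plain pasting by re-emitting each PEM block, so a missing trailing newline cannot glue an END line onto the next BEGIN line. The names `pem_certs`, `build_fullchain` and `placeholder_cert` are hypothetical, and the sample blocks are constructed placeholders rather than real certificates; the code does not check that each certificate was issued by the next one.

```python
import base64
import re

# One PEM block of any type; the backreference ties END to its BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def pem_certs(text):
    """Return the certificates found in text as normalized PEM strings."""
    certs = []
    for label, body in PEM_BLOCK.findall(text):
        if "PRIVATE KEY" in label:
            # Choice made in this example: keep the key in its own file.
            raise ValueError("private key found in certificate input")
        if label != "CERTIFICATE":
            continue
        der = base64.b64decode("".join(body.split()), validate=True)
        b64 = base64.b64encode(der).decode("ascii")
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        certs.append("\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                                "-----END CERTIFICATE-----"]) + "\n")
    return certs


def build_fullchain(endpoint_pem, chain_pem):
    """Join endpoint cert and intermediates, endpoint cert first."""
    endpoint = pem_certs(endpoint_pem)
    if len(endpoint) != 1:
        raise ValueError(f"expected 1 endpoint cert, found {len(endpoint)}")
    intermediates = pem_certs(chain_pem)
    if not intermediates:
        raise ValueError("no intermediate certificates found")
    return "".join(endpoint + intermediates)


def placeholder_cert(tag):
    """Constructed sample: valid base64 in a PEM frame, not a real cert."""
    body = base64.b64encode(tag.encode("ascii") * 20).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"


if __name__ == "__main__":
    # Endpoint file without a trailing newline: plain pasting would glue
    # its END line onto the next BEGIN line.
    leaf = placeholder_cert("leaf")
    chain = placeholder_cert("inter1") + "\n" + placeholder_cert("inter2") + "\n"
    print(build_fullchain(leaf, chain))
```

The returned string can be written to the file given as certfile in Python, or passed as the cert option in Node.js.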
